From 7a336c677e80e0405e523891c5622c1c18cff332 Mon Sep 17 00:00:00 2001 From: pawan Date: Thu, 31 Oct 2019 01:45:17 +0530 Subject: [PATCH 01/63] Add test to understand flow of key storage --- account_manager/Cargo.toml | 3 + account_manager/src/keystore.rs | 89 ++++++++++++ account_manager/src/main.rs | 250 ++++++++++++++++++++++++++++++++ 3 files changed, 342 insertions(+) create mode 100644 account_manager/src/keystore.rs create mode 100644 account_manager/src/main.rs diff --git a/account_manager/Cargo.toml b/account_manager/Cargo.toml index ad91ad4efe2..3e11370c54e 100644 --- a/account_manager/Cargo.toml +++ b/account_manager/Cargo.toml @@ -6,6 +6,7 @@ edition = "2018" [dev-dependencies] tempdir = "0.3" +tree_hash = "0.1" [dependencies] bls = { path = "../eth2/utils/bls" } @@ -26,3 +27,5 @@ rayon = "1.2.0" eth2_testnet_config = { path = "../eth2/utils/eth2_testnet_config" } web3 = "0.8.0" futures = "0.1.25" +parity-crypto = "0.4.2" +rand = "0.7.2" diff --git a/account_manager/src/keystore.rs b/account_manager/src/keystore.rs new file mode 100644 index 00000000000..225bcc67638 --- /dev/null +++ b/account_manager/src/keystore.rs @@ -0,0 +1,89 @@ +#[cfg(test)] +mod tests { + use parity_crypto::aes::{decrypt_128_ctr, encrypt_128_ctr}; + use parity_crypto::digest; + use parity_crypto::pbkdf2::{sha256, Salt, Secret}; + use rand::prelude::*; + use types::Keypair; + + struct Keystore { + // Cipher stuff + pub cipher_message: Vec, + pub iv: Vec, + // Checksum stuff + pub checksum: Vec, + // kdf stuff + pub iterations: u32, + pub dk_len: u32, + pub salt: Vec, + } + + #[test] + fn test_keystore() { + let keypair = Keypair::random(); + let password = "bythepowerofgrayskull"; + // Derive decryption key from password + let iterations = 1000; + let dk_len = 32; + let salt = rand::thread_rng().gen::<[u8; 32]>(); + let mut decryption_key = [0; 32]; + + // Run the kdf on the password to derive decryption key + sha256( + iterations, + Salt(&salt), + Secret(password.as_bytes()), + &mut decryption_key, + ); + // Encryption params + let iv = rand::thread_rng().gen::<[u8; 16]>(); + let mut cipher_message = vec![0; 48]; + // Encrypt bls secret key with first 16 bytes as aes key + encrypt_128_ctr( + &decryption_key[0..16], + &iv, + &keypair.sk.as_raw().as_bytes(), + &mut cipher_message, + ) + .unwrap(); + // Generate checksum + let mut pre_image: Vec = decryption_key[16..32].to_owned(); // last 16 bytes of decryption key + pre_image.append(&mut cipher_message.clone()); + let checksum_message: Vec = digest::sha256(&pre_image).to_owned(); + + // Generate keystore + let keystore = Keystore { + cipher_message, + iv: iv.to_owned().to_vec(), + checksum: checksum_message, + iterations, + dk_len, + salt: salt.to_owned().to_vec(), + }; + + // Regnerate decryption key + let mut decryption_key1 = [0; 32]; + sha256( + keystore.iterations, + Salt(&keystore.salt), + Secret(password.as_bytes()), + &mut decryption_key1, + ); + // Verify checksum + let mut dk_slice = decryption_key1[16..32].to_owned(); + dk_slice.append(&mut keystore.cipher_message.clone()); + let checksum: Vec = digest::sha256(&dk_slice).to_owned(); + assert_eq!(checksum, keystore.checksum); + + // Verify receovered sk + let mut sk = vec![0; 48]; + decrypt_128_ctr( + &decryption_key[0..16], + &keystore.iv, + &keystore.cipher_message, + &mut sk, + ) + .unwrap(); + assert_eq!(sk, keypair.sk.as_raw().as_bytes()); + } +} diff --git a/account_manager/src/main.rs b/account_manager/src/main.rs new file mode 100644 index 00000000000..47018647688 --- /dev/null +++ b/account_manager/src/main.rs @@ -0,0 +1,250 @@ +use bls::Keypair; +use clap::{App, Arg, SubCommand}; +use slog::{crit, debug, info, o, Drain}; +use std::fs; +use std::path::PathBuf; +use types::test_utils::generate_deterministic_keypair; +use types::DepositData; +use validator_client::Config as ValidatorClientConfig; +mod deposit; +mod keystore; + +pub const DEFAULT_DATA_DIR: &str = ".lighthouse-validator"; +pub const CLIENT_CONFIG_FILENAME: &str = "account-manager.toml"; + +fn main() { + // Logging + let decorator = slog_term::TermDecorator::new().build(); + let drain = slog_term::CompactFormat::new(decorator).build().fuse(); + let drain = slog_async::Async::new(drain).build().fuse(); + let mut log = slog::Logger::root(drain, o!()); + + // CLI + let matches = App::new("Lighthouse Accounts Manager") + .version("0.0.1") + .author("Sigma Prime ") + .about("Eth 2.0 Accounts Manager") + .arg( + Arg::with_name("logfile") + .long("logfile") + .value_name("logfile") + .help("File path where output will be written.") + .takes_value(true), + ) + .arg( + Arg::with_name("datadir") + .long("datadir") + .short("d") + .value_name("DIR") + .help("Data directory for keys and databases.") + .takes_value(true), + ) + .subcommand( + SubCommand::with_name("generate") + .about("Generates a new validator private key") + .version("0.0.1") + .author("Sigma Prime "), + ) + .subcommand( + SubCommand::with_name("generate_deterministic") + .about("Generates a deterministic validator private key FOR TESTING") + .version("0.0.1") + .author("Sigma Prime ") + .arg( + Arg::with_name("validator index") + .long("index") + .short("i") + .value_name("index") + .help("The index of the validator, for which the test key is generated") + .takes_value(true) + .required(true), + ) + .arg( + Arg::with_name("validator count") + .long("validator_count") + .short("n") + .value_name("validator_count") + .help("If supplied along with `index`, generates keys `i..i + n`.") + .takes_value(true) + .default_value("1"), + ), + ) + .subcommand( + SubCommand::with_name("generate_deposit_params") + .about("Generates deposit parameters for submitting to the deposit contract") + .version("0.0.1") + .author("Sigma Prime ") + .arg( + Arg::with_name("validator_sk_path") + .long("validator_sk_path") + .short("v") + .value_name("validator_sk_path") + .help("Path to the validator private key directory") + .takes_value(true) + .required(true), + ) + .arg( + Arg::with_name("withdrawal_sk_path") + .long("withdrawal_sk_path") + .short("w") + .value_name("withdrawal_sk_path") + .help("Path to the withdrawal private key directory") + .takes_value(true) + .required(true), + ) + .arg( + Arg::with_name("deposit_amount") + .long("deposit_amount") + .short("a") + .value_name("deposit_amount") + .help("Deposit amount in GWEI") + .takes_value(true) + .required(true), + ), + ) + .get_matches(); + + let data_dir = match matches + .value_of("datadir") + .and_then(|v| Some(PathBuf::from(v))) + { + Some(v) => v, + None => { + // use the default + let mut default_dir = match dirs::home_dir() { + Some(v) => v, + None => { + crit!(log, "Failed to find a home directory"); + return; + } + }; + default_dir.push(DEFAULT_DATA_DIR); + default_dir + } + }; + + // create the directory if needed + match fs::create_dir_all(&data_dir) { + Ok(_) => {} + Err(e) => { + crit!(log, "Failed to initialize data dir"; "error" => format!("{}", e)); + return; + } + } + + let mut client_config = ValidatorClientConfig::default(); + + // Ensure the `data_dir` in the config matches that supplied to the CLI. + client_config.data_dir = data_dir.clone(); + + if let Err(e) = client_config.apply_cli_args(&matches, &mut log) { + crit!(log, "Failed to parse ClientConfig CLI arguments"; "error" => format!("{:?}", e)); + return; + }; + + // Log configuration + info!(log, ""; + "data_dir" => &client_config.data_dir.to_str()); + + match matches.subcommand() { + ("generate", Some(_)) => generate_random(&client_config, &log), + ("generate_deterministic", Some(m)) => { + if let Some(string) = m.value_of("validator index") { + let i: usize = string.parse().expect("Invalid validator index"); + if let Some(string) = m.value_of("validator count") { + let n: usize = string.parse().expect("Invalid end validator count"); + + let indices: Vec = (i..i + n).collect(); + generate_deterministic_multiple(&indices, &client_config, &log) + } else { + generate_deterministic(i, &client_config, &log) + } + } + } + ("generate_deposit_params", Some(m)) => { + let validator_kp_path = m + .value_of("validator_sk_path") + .expect("generating deposit params requires validator key path") + .parse::() + .expect("Must be a valid path"); + let withdrawal_kp_path = m + .value_of("withdrawal_sk_path") + .expect("generating deposit params requires withdrawal key path") + .parse::() + .expect("Must be a valid path"); + let amount = m + .value_of("deposit_amount") + .expect("generating deposit params requires deposit amount") + .parse::() + .expect("Must be a valid u64"); + let deposit = generate_deposit_params( + validator_kp_path, + withdrawal_kp_path, + amount, + &client_config, + &log, + ); + // TODO: just printing for now. Decide how to process + println!("Deposit data: {:?}", deposit); + } + _ => { + crit!( + log, + "The account manager must be run with a subcommand. See help for more information." + ); + } + } +} + +fn generate_random(config: &ValidatorClientConfig, log: &slog::Logger) { + save_key(&Keypair::random(), config, log) +} + +fn generate_deterministic_multiple( + validator_indices: &[usize], + config: &ValidatorClientConfig, + log: &slog::Logger, +) { + for validator_index in validator_indices { + generate_deterministic(*validator_index, config, log) + } +} + +fn generate_deterministic( + validator_index: usize, + config: &ValidatorClientConfig, + log: &slog::Logger, +) { + save_key( + &generate_deterministic_keypair(validator_index), + config, + log, + ) +} + +fn save_key(keypair: &Keypair, config: &ValidatorClientConfig, log: &slog::Logger) { + let key_path: PathBuf = config + .save_key(&keypair) + .expect("Unable to save newly generated private key."); + debug!( + log, + "Keypair generated {:?}, saved to: {:?}", + keypair.identifier(), + key_path.to_string_lossy() + ); +} + +fn generate_deposit_params( + vk_path: PathBuf, + wk_path: PathBuf, + amount: u64, + config: &ValidatorClientConfig, + log: &slog::Logger, +) -> DepositData { + let vk: Keypair = config.read_keypair_file(vk_path).unwrap(); + let wk: Keypair = config.read_keypair_file(wk_path).unwrap(); + + let spec = types::ChainSpec::default(); + debug!(log, "Generating deposit parameters"); + deposit::generate_deposit_params(vk, &wk, amount, &spec) +} From 44e4e29a458741184d3fb65254b969709830e153 Mon Sep 17 00:00:00 2001 From: pawan Date: Fri, 1 Nov 2019 00:59:26 +0530 Subject: [PATCH 02/63] First commit --- account_manager/Cargo.toml | 1 + account_manager/src/cipher.rs | 34 +++++++ account_manager/src/kdf.rs | 53 +++++++++++ account_manager/src/keystore.rs | 164 +++++++++++++++++--------------- account_manager/src/main.rs | 2 + 5 files changed, 175 insertions(+), 79 deletions(-) create mode 100644 account_manager/src/cipher.rs create mode 100644 account_manager/src/kdf.rs diff --git a/account_manager/Cargo.toml b/account_manager/Cargo.toml index 3e11370c54e..f0c526242b6 100644 --- a/account_manager/Cargo.toml +++ b/account_manager/Cargo.toml @@ -29,3 +29,4 @@ web3 = "0.8.0" futures = "0.1.25" parity-crypto = "0.4.2" rand = "0.7.2" +rust-crypto = "0.2.36" diff --git a/account_manager/src/cipher.rs b/account_manager/src/cipher.rs new file mode 100644 index 00000000000..64b33e84914 --- /dev/null +++ b/account_manager/src/cipher.rs @@ -0,0 +1,34 @@ +use crypto::aes::{ctr, KeySize}; + +const IV_SIZE: usize = 16; + +pub struct CipherMessage { + pub cipher: C, + pub message: Vec, +} + +#[derive(Debug, PartialEq, Clone)] +pub struct Aes128Ctr { + pub iv: Vec, +} + +impl Cipher for Aes128Ctr { + fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec { + // TODO: sanity checks + let mut ct = vec![0; pt.len()]; + ctr(KeySize::KeySize128, key, &self.iv).process(pt, &mut ct); + ct + } + + fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec { + // TODO: sanity checks + let mut pt = vec![0; ct.len()]; + ctr(KeySize::KeySize128, key, &self.iv).process(ct, &mut pt); + pt + } +} + +pub trait Cipher { + fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec; + fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec; +} diff --git a/account_manager/src/kdf.rs b/account_manager/src/kdf.rs new file mode 100644 index 00000000000..13880e9c539 --- /dev/null +++ b/account_manager/src/kdf.rs @@ -0,0 +1,53 @@ +use crypto::sha2::Sha256; +use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; + +#[derive(Debug, PartialEq, Clone)] +pub enum Prf { + HmacSha256, +} + +impl Prf { + // TODO: is password what should be passed here? + pub fn mac(&self, password: &[u8]) -> impl Mac { + match &self { + _hmac_sha256 => Hmac::new(Sha256::new(), password), + } + } +} + +#[derive(Debug, PartialEq, Clone)] +pub struct Pbkdf2 { + pub c: u32, + pub dklen: u32, + pub prf: Prf, + pub salt: Vec, +} + +impl Kdf for Pbkdf2 { + fn derive_key(&self, password: &str) -> Vec { + let mut dk = [0u8; 32]; + let mut mac = self.prf.mac(password.as_bytes()); + pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, &mut dk); + dk.to_vec() + } +} + +#[derive(Debug, PartialEq, Clone)] +pub struct Scrypt { + pub dklen: u32, + pub n: u32, + pub r: u32, + pub p: u32, + pub salt: Vec, +} + +impl Kdf for Scrypt { + fn derive_key(&self, password: &str) -> Vec { + unimplemented!() + } +} + +pub trait Kdf { + /// Derive the key from the password + fn derive_key(&self, password: &str) -> Vec; +} diff --git a/account_manager/src/keystore.rs b/account_manager/src/keystore.rs index 225bcc67638..89acf17ec29 100644 --- a/account_manager/src/keystore.rs +++ b/account_manager/src/keystore.rs @@ -1,89 +1,95 @@ -#[cfg(test)] -mod tests { - use parity_crypto::aes::{decrypt_128_ctr, encrypt_128_ctr}; - use parity_crypto::digest; - use parity_crypto::pbkdf2::{sha256, Salt, Secret}; - use rand::prelude::*; - use types::Keypair; +use crate::cipher::{Aes128Ctr, Cipher, CipherMessage}; +use crate::kdf::{Kdf, Pbkdf2, Prf}; +use crypto::digest::Digest; +use crypto::sha2::Sha256; - struct Keystore { - // Cipher stuff - pub cipher_message: Vec, - pub iv: Vec, - // Checksum stuff - pub checksum: Vec, - // kdf stuff - pub iterations: u32, - pub dk_len: u32, - pub salt: Vec, - } +use rand::prelude::*; - #[test] - fn test_keystore() { - let keypair = Keypair::random(); - let password = "bythepowerofgrayskull"; - // Derive decryption key from password - let iterations = 1000; - let dk_len = 32; - let salt = rand::thread_rng().gen::<[u8; 32]>(); - let mut decryption_key = [0; 32]; +#[derive(Debug, PartialEq, Clone)] +pub struct Checksum(String); + +/// Crypto +pub struct Crypto { + /// Key derivation function parameters + pub kdf: K, + /// Checksum for password verification + pub checksum: Checksum, + /// CipherParams parameters + pub cipher: CipherMessage, +} + +impl Crypto { + pub fn encrypt(password: String, secret: &[u8], kdf: K, cipher: C) -> Self { + // Generate derived key + let derived_key = kdf.derive_key(&password); + // Encrypt secret + let cipher_message = cipher.encrypt(&derived_key[0..16], secret); - // Run the kdf on the password to derive decryption key - sha256( - iterations, - Salt(&salt), - Secret(password.as_bytes()), - &mut decryption_key, - ); - // Encryption params - let iv = rand::thread_rng().gen::<[u8; 16]>(); - let mut cipher_message = vec![0; 48]; - // Encrypt bls secret key with first 16 bytes as aes key - encrypt_128_ctr( - &decryption_key[0..16], - &iv, - &keypair.sk.as_raw().as_bytes(), - &mut cipher_message, - ) - .unwrap(); // Generate checksum - let mut pre_image: Vec = decryption_key[16..32].to_owned(); // last 16 bytes of decryption key + let mut pre_image: Vec = derived_key[16..32].to_owned(); // last 16 bytes of decryption key pre_image.append(&mut cipher_message.clone()); - let checksum_message: Vec = digest::sha256(&pre_image).to_owned(); + // create a Sha256 object + let mut hasher = Sha256::new(); + hasher.input(&pre_image); + // read hash digest + let checksum = hasher.result_str(); + Crypto { + kdf, + checksum: Checksum(checksum), + cipher: CipherMessage { + cipher, + message: cipher_message, + }, + } + } - // Generate keystore - let keystore = Keystore { - cipher_message, - iv: iv.to_owned().to_vec(), - checksum: checksum_message, - iterations, - dk_len, - salt: salt.to_owned().to_vec(), - }; + pub fn decrypt(&self, password: String) -> Vec { + // Genrate derived key + let derived_key = self.kdf.derive_key(&password); + // Regenerate checksum + let mut pre_image: Vec = derived_key[16..32].to_owned(); + pre_image.append(&mut self.cipher.message.clone()); + // create a Sha256 object + let mut hasher = Sha256::new(); + hasher.input(&pre_image); + // read hash digest + let checksum = hasher.result_str(); + debug_assert_eq!(checksum, self.checksum.0); + let secret = self + .cipher + .cipher + .decrypt(&derived_key[0..16], &self.cipher.message); + return secret; + } +} + +#[cfg(test)] +mod tests { + use super::*; - // Regnerate decryption key - let mut decryption_key1 = [0; 32]; - sha256( - keystore.iterations, - Salt(&keystore.salt), - Secret(password.as_bytes()), - &mut decryption_key1, - ); - // Verify checksum - let mut dk_slice = decryption_key1[16..32].to_owned(); - dk_slice.append(&mut keystore.cipher_message.clone()); - let checksum: Vec = digest::sha256(&dk_slice).to_owned(); - assert_eq!(checksum, keystore.checksum); + #[test] + fn test_vector() { + let secret_str = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"; + let salt_str = "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"; + let iv_str = "264daa3f303d7259501c93d997d84fe6"; + let password = "testpassword".to_string(); - // Verify receovered sk - let mut sk = vec![0; 48]; - decrypt_128_ctr( - &decryption_key[0..16], - &keystore.iv, - &keystore.cipher_message, - &mut sk, - ) - .unwrap(); - assert_eq!(sk, keypair.sk.as_raw().as_bytes()); + let salt = hex::decode(salt_str).unwrap(); + let iv = hex::decode(iv_str).unwrap(); + let kdf = Pbkdf2 { + c: 262144, + dklen: 32, + prf: Prf::HmacSha256, + salt: salt.to_vec(), + }; + let cipher = Aes128Ctr { iv: iv }; + let secret = hex::decode(secret_str).unwrap(); + let crypto = Crypto::encrypt(password.clone(), &secret, kdf, cipher); + println!("Cipher is {:?}", hex::encode(crypto.cipher.message.clone())); + println!("Checksum is {:?}", crypto.checksum); + let recovered_secret = crypto.decrypt(password); + let recovered_secret_str = hex::encode(recovered_secret); + println!("Secret is {:?}", recovered_secret_str); + assert_eq!(recovered_secret_str, secret_str); } } diff --git a/account_manager/src/main.rs b/account_manager/src/main.rs index 47018647688..10993485ad3 100644 --- a/account_manager/src/main.rs +++ b/account_manager/src/main.rs @@ -6,7 +6,9 @@ use std::path::PathBuf; use types::test_utils::generate_deterministic_keypair; use types::DepositData; use validator_client::Config as ValidatorClientConfig; +mod cipher; mod deposit; +mod kdf; mod keystore; pub const DEFAULT_DATA_DIR: &str = ".lighthouse-validator"; From 4dd39e4543517084e93cb5b521cb17906194b0a2 Mon Sep 17 00:00:00 2001 From: pawan Date: Mon, 4 Nov 2019 15:18:49 +0530 Subject: [PATCH 03/63] Committing to save trait stuff --- account_manager/Cargo.toml | 6 +- account_manager/src/cipher.rs | 18 +++- account_manager/src/kdf.rs | 114 ++++++++++++++++++++++---- account_manager/src/keystore.rs | 140 ++++++++++++++++++++++---------- account_manager/src/main.rs | 4 - account_manager/src/module.rs | 7 ++ 6 files changed, 223 insertions(+), 66 deletions(-) create mode 100644 account_manager/src/module.rs diff --git a/account_manager/Cargo.toml b/account_manager/Cargo.toml index f0c526242b6..5d50a8104b7 100644 --- a/account_manager/Cargo.toml +++ b/account_manager/Cargo.toml @@ -21,7 +21,6 @@ deposit_contract = { path = "../eth2/utils/deposit_contract" } libc = "0.2.65" eth2_ssz = { path = "../eth2/utils/ssz" } eth2_ssz_derive = { path = "../eth2/utils/ssz_derive" } -hex = "0.3" validator_client = { path = "../validator_client" } rayon = "1.2.0" eth2_testnet_config = { path = "../eth2/utils/eth2_testnet_config" } @@ -30,3 +29,8 @@ futures = "0.1.25" parity-crypto = "0.4.2" rand = "0.7.2" rust-crypto = "0.2.36" +hex = "0.4.0" +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" + + diff --git a/account_manager/src/cipher.rs b/account_manager/src/cipher.rs index 64b33e84914..dd4ef940c8d 100644 --- a/account_manager/src/cipher.rs +++ b/account_manager/src/cipher.rs @@ -1,5 +1,5 @@ +use crate::module::CryptoModule; use crypto::aes::{ctr, KeySize}; - const IV_SIZE: usize = 16; pub struct CipherMessage { @@ -32,3 +32,19 @@ pub trait Cipher { fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec; fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec; } + +impl CryptoModule for CipherMessage { + type Params = C; + + fn function(&self) -> String { + "aes-128-ctr".to_string() + } + + fn params(&self) -> &Self::Params { + &self.cipher + } + + fn message(&self) -> Vec { + self.message.clone() + } +} diff --git a/account_manager/src/kdf.rs b/account_manager/src/kdf.rs index 13880e9c539..e660e5485d8 100644 --- a/account_manager/src/kdf.rs +++ b/account_manager/src/kdf.rs @@ -1,21 +1,9 @@ +use crate::module::CryptoModule; use crypto::sha2::Sha256; use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; +use serde::{de::DeserializeOwned, Deserialize, Serialize}; -#[derive(Debug, PartialEq, Clone)] -pub enum Prf { - HmacSha256, -} - -impl Prf { - // TODO: is password what should be passed here? - pub fn mac(&self, password: &[u8]) -> impl Mac { - match &self { - _hmac_sha256 => Hmac::new(Sha256::new(), password), - } - } -} - -#[derive(Debug, PartialEq, Clone)] +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Pbkdf2 { pub c: u32, pub dklen: u32, @@ -32,7 +20,7 @@ impl Kdf for Pbkdf2 { } } -#[derive(Debug, PartialEq, Clone)] +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Scrypt { pub dklen: u32, pub n: u32, @@ -40,14 +28,104 @@ pub struct Scrypt { pub p: u32, pub salt: Vec, } +const fn num_bits() -> usize { + std::mem::size_of::() * 8 +} + +fn log_2(x: u32) -> u32 { + assert!(x > 0); + num_bits::() as u32 - x.leading_zeros() - 1 +} impl Kdf for Scrypt { fn derive_key(&self, password: &str) -> Vec { - unimplemented!() + let mut dk = [0u8; 32]; + let params = scrypt::ScryptParams::new(log_2(self.p) as u8, self.r, self.p); + scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk); + dk.to_vec() } } -pub trait Kdf { +pub trait Kdf: Serialize + DeserializeOwned { /// Derive the key from the password fn derive_key(&self, password: &str) -> Vec; } + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct KdfModule { + function: String, + params: Kdf, + message: String, +} + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub enum Prf { + #[serde(rename = "hmac-sha256")] + HmacSha256, +} + +impl Prf { + // TODO: is password what should be passed here? + pub fn mac(&self, password: &[u8]) -> impl Mac { + match &self { + _hmac_sha256 => Hmac::new(Sha256::new(), password), + } + } +} + +impl CryptoModule for Scrypt { + type Params = Scrypt; + + fn function(&self) -> String { + "scrypt".to_string() + } + + fn params(&self) -> &Self::Params { + &self + } + + fn message(&self) -> Vec { + Vec::new() + } +} + +impl CryptoModule for Pbkdf2 { + type Params = Pbkdf2; + + fn function(&self) -> String { + "pbkdf2".to_string() + } + + fn params(&self) -> &Self::Params { + &self + } + + fn message(&self) -> Vec { + Vec::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_log() { + let scrypt = Scrypt { + dklen: 32, + n: 262144, + r: 8, + p: 1, + salt: vec![0; 32], + }; + + let p = Pbkdf2 { + dklen: 32, + c: 262144, + prf: Prf::HmacSha256, + salt: vec![0; 32], + }; + let serialized = serde_json::to_string(&p).unwrap(); + println!("{}", serialized); + } +} diff --git a/account_manager/src/keystore.rs b/account_manager/src/keystore.rs index 89acf17ec29..81d8c24dc4f 100644 --- a/account_manager/src/keystore.rs +++ b/account_manager/src/keystore.rs @@ -1,13 +1,36 @@ -use crate::cipher::{Aes128Ctr, Cipher, CipherMessage}; -use crate::kdf::{Kdf, Pbkdf2, Prf}; +use crate::cipher::{Cipher, CipherMessage}; +use crate::kdf::Kdf; +use crate::module::CryptoModule; use crypto::digest::Digest; use crypto::sha2::Sha256; -use rand::prelude::*; - #[derive(Debug, PartialEq, Clone)] pub struct Checksum(String); +impl Checksum { + pub fn gen_checksum(message: &[u8]) -> String { + let mut hasher = Sha256::new(); + hasher.input(message); + hasher.result_str() + } +} + +impl CryptoModule for Checksum { + type Params = (); + + fn function(&self) -> String { + "sha256".to_string() + } + + fn params(&self) -> &Self::Params { + &() + } + + fn message(&self) -> Vec { + self.0.as_bytes().to_vec() + } +} + /// Crypto pub struct Crypto { /// Key derivation function parameters @@ -28,11 +51,7 @@ impl Crypto { // Generate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); // last 16 bytes of decryption key pre_image.append(&mut cipher_message.clone()); - // create a Sha256 object - let mut hasher = Sha256::new(); - hasher.input(&pre_image); - // read hash digest - let checksum = hasher.result_str(); + let checksum = Checksum::gen_checksum(&pre_image); Crypto { kdf, checksum: Checksum(checksum), @@ -49,11 +68,7 @@ impl Crypto { // Regenerate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); pre_image.append(&mut self.cipher.message.clone()); - // create a Sha256 object - let mut hasher = Sha256::new(); - hasher.input(&pre_image); - // read hash digest - let checksum = hasher.result_str(); + let checksum = Checksum::gen_checksum(&pre_image); debug_assert_eq!(checksum, self.checksum.0); let secret = self .cipher @@ -63,33 +78,74 @@ impl Crypto { } } -#[cfg(test)] -mod tests { - use super::*; +// #[cfg(test)] +// mod tests { +// use super::*; +// use parity_crypto::aes::{decrypt_128_ctr, encrypt_128_ctr}; +// use parity_crypto::digest; +// use parity_crypto::pbkdf2::{sha256, Salt, Secret}; - #[test] - fn test_vector() { - let secret_str = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"; - let salt_str = "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"; - let iv_str = "264daa3f303d7259501c93d997d84fe6"; - let password = "testpassword".to_string(); +// #[test] +// fn test_vector() { +// let secret_str = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"; +// let salt_str = "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"; +// let iv_str = "264daa3f303d7259501c93d997d84fe6"; +// let password = "testpassword".to_string(); - let salt = hex::decode(salt_str).unwrap(); - let iv = hex::decode(iv_str).unwrap(); - let kdf = Pbkdf2 { - c: 262144, - dklen: 32, - prf: Prf::HmacSha256, - salt: salt.to_vec(), - }; - let cipher = Aes128Ctr { iv: iv }; - let secret = hex::decode(secret_str).unwrap(); - let crypto = Crypto::encrypt(password.clone(), &secret, kdf, cipher); - println!("Cipher is {:?}", hex::encode(crypto.cipher.message.clone())); - println!("Checksum is {:?}", crypto.checksum); - let recovered_secret = crypto.decrypt(password); - let recovered_secret_str = hex::encode(recovered_secret); - println!("Secret is {:?}", recovered_secret_str); - assert_eq!(recovered_secret_str, secret_str); - } -} +// let salt = hex::decode(salt_str).unwrap(); +// // let other = derive_key(password.as_bytes(), &salt, 262144, 1, 8); +// // println!("{:?}", other); +// let iv = hex::decode(iv_str).unwrap(); +// let kdf = Scrypt { +// n: 262144, +// dklen: 32, +// p: 1, +// r: 8, +// salt: salt.to_vec(), +// }; +// let dk = kdf.derive_key(&password); +// println!("Dk {}", hex::encode(dk)); +// // let cipher = Aes128Ctr { iv: iv }; +// // let secret = hex::decode(secret_str).unwrap(); +// // let crypto = Crypto::encrypt(password.clone(), &secret, kdf, cipher); +// // println!("Cipher is {:?}", hex::encode(crypto.cipher.message.clone())); +// // println!("Checksum is {:?}", crypto.checksum); +// // let recovered_secret = crypto.decrypt(password); +// // let recovered_secret_str = hex::encode(recovered_secret); +// // println!("Secret is {:?}", recovered_secret_str); +// // assert_eq!(recovered_secret_str, secret_str); +// } + +// #[test] +// fn test_keystore() { +// let password = "testpassword"; +// let secret_str = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"; +// let salt_str = "ab0c7876052600dd703518d6fc3fe8984592145b591fc8fb5c6d43190334ba19"; +// let iv_str = "264daa3f303d7259501c93d997d84fe6"; +// // Derive decryption key from password +// let iterations = 262144; +// let dk_len = 32; +// let salt = hex::decode(salt_str).unwrap(); +// let mut decryption_key = [0; 32]; +// // Run the kdf on the password to derive decryption key +// sha256( +// iterations, +// Salt(&salt), +// Secret(password.as_bytes()), +// &mut decryption_key, +// ); +// // Encryption params +// let iv = hex::decode(iv_str).unwrap(); +// let mut cipher_message = vec![0; 48]; +// let secret = hex::decode(secret_str).unwrap(); +// // Encrypt bls secret key with first 16 bytes as aes key +// encrypt_128_ctr(&decryption_key[0..16], &iv, &secret, &mut cipher_message).unwrap(); +// // Generate checksum +// let mut pre_image: Vec = decryption_key[16..32].to_owned(); // last 16 bytes of decryption key +// pre_image.append(&mut cipher_message.clone()); +// let checksum_message: Vec = digest::sha256(&pre_image).to_owned(); + +// println!("Ciphertext: {}", hex::encode(cipher_message)); +// println!("Checksum: {}", hex::encode(checksum_message)); +// } +// } diff --git a/account_manager/src/main.rs b/account_manager/src/main.rs index 10993485ad3..d22b7a2cf81 100644 --- a/account_manager/src/main.rs +++ b/account_manager/src/main.rs @@ -6,11 +6,7 @@ use std::path::PathBuf; use types::test_utils::generate_deterministic_keypair; use types::DepositData; use validator_client::Config as ValidatorClientConfig; -mod cipher; mod deposit; -mod kdf; -mod keystore; - pub const DEFAULT_DATA_DIR: &str = ".lighthouse-validator"; pub const CLIENT_CONFIG_FILENAME: &str = "account-manager.toml"; diff --git a/account_manager/src/module.rs b/account_manager/src/module.rs new file mode 100644 index 00000000000..c5830b72d06 --- /dev/null +++ b/account_manager/src/module.rs @@ -0,0 +1,7 @@ +pub trait CryptoModule { + type Params; + + fn function(&self) -> String; + fn params(&self) -> &Self::Params; + fn message(&self) -> Vec; +} From cc56ac83e3bb944d96b8429d9103025bfefce77b Mon Sep 17 00:00:00 2001 From: pawan Date: Mon, 4 Nov 2019 16:56:26 +0530 Subject: [PATCH 04/63] Working naive design --- account_manager/src/checksum.rs | 25 ++++ account_manager/src/cipher.rs | 44 +++--- account_manager/src/kdf.rs | 95 ++++--------- account_manager/src/keystore.rs | 235 +++++++++++++++----------------- 4 files changed, 178 insertions(+), 221 deletions(-) create mode 100644 account_manager/src/checksum.rs diff --git a/account_manager/src/checksum.rs b/account_manager/src/checksum.rs new file mode 100644 index 00000000000..dbbff8ddb5d --- /dev/null +++ b/account_manager/src/checksum.rs @@ -0,0 +1,25 @@ +use crypto::digest::Digest; +use crypto::sha2::Sha256; +use serde::{Deserialize, Serialize}; + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct ChecksumModule { + pub function: String, + pub params: (), + pub message: String, +} + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct Checksum(String); + +impl Checksum { + pub fn gen_checksum(message: &[u8]) -> String { + let mut hasher = Sha256::new(); + hasher.input(message); + hasher.result_str() + } + + pub fn function() -> String { + "sha256".to_string() + } +} diff --git a/account_manager/src/cipher.rs b/account_manager/src/cipher.rs index dd4ef940c8d..03b6c908228 100644 --- a/account_manager/src/cipher.rs +++ b/account_manager/src/cipher.rs @@ -1,26 +1,29 @@ -use crate::module::CryptoModule; use crypto::aes::{ctr, KeySize}; +use serde::{Deserialize, Serialize}; + const IV_SIZE: usize = 16; -pub struct CipherMessage { - pub cipher: C, - pub message: Vec, +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct CipherModule { + pub function: String, + pub params: Cipher, + pub message: String, } -#[derive(Debug, PartialEq, Clone)] +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Aes128Ctr { pub iv: Vec, } -impl Cipher for Aes128Ctr { - fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec { +impl Aes128Ctr { + pub fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec { // TODO: sanity checks let mut ct = vec![0; pt.len()]; ctr(KeySize::KeySize128, key, &self.iv).process(pt, &mut ct); ct } - fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec { + pub fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec { // TODO: sanity checks let mut pt = vec![0; ct.len()]; ctr(KeySize::KeySize128, key, &self.iv).process(ct, &mut pt); @@ -28,23 +31,16 @@ impl Cipher for Aes128Ctr { } } -pub trait Cipher { - fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec; - fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec; +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(untagged)] +pub enum Cipher { + Aes128Ctr(Aes128Ctr), } -impl CryptoModule for CipherMessage { - type Params = C; - - fn function(&self) -> String { - "aes-128-ctr".to_string() - } - - fn params(&self) -> &Self::Params { - &self.cipher - } - - fn message(&self) -> Vec { - self.message.clone() +impl Cipher { + pub fn function(&self) -> String { + match &self { + Cipher::Aes128Ctr(_) => "aes-128-ctr".to_string(), + } } } diff --git a/account_manager/src/kdf.rs b/account_manager/src/kdf.rs index e660e5485d8..e6c57a7d0a6 100644 --- a/account_manager/src/kdf.rs +++ b/account_manager/src/kdf.rs @@ -1,7 +1,6 @@ -use crate::module::CryptoModule; use crypto::sha2::Sha256; use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; -use serde::{de::DeserializeOwned, Deserialize, Serialize}; +use serde::{Deserialize, Serialize}; #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Pbkdf2 { @@ -11,8 +10,8 @@ pub struct Pbkdf2 { pub salt: Vec, } -impl Kdf for Pbkdf2 { - fn derive_key(&self, password: &str) -> Vec { +impl Pbkdf2 { + pub fn derive_key(&self, password: &str) -> Vec { let mut dk = [0u8; 32]; let mut mac = self.prf.mac(password.as_bytes()); pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, &mut dk); @@ -37,25 +36,36 @@ fn log_2(x: u32) -> u32 { num_bits::() as u32 - x.leading_zeros() - 1 } -impl Kdf for Scrypt { - fn derive_key(&self, password: &str) -> Vec { +impl Scrypt { + pub fn derive_key(&self, password: &str) -> Vec { let mut dk = [0u8; 32]; - let params = scrypt::ScryptParams::new(log_2(self.p) as u8, self.r, self.p); + let params = scrypt::ScryptParams::new(log_2(self.n) as u8, self.r, self.p); scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk); dk.to_vec() } } -pub trait Kdf: Serialize + DeserializeOwned { - /// Derive the key from the password - fn derive_key(&self, password: &str) -> Vec; +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(untagged)] +pub enum Kdf { + Scrypt(Scrypt), + Pbkdf2(Pbkdf2), +} + +impl Kdf { + pub fn function(&self) -> String { + match &self { + Kdf::Pbkdf2(_) => "pbkdf2".to_string(), + Kdf::Scrypt(_) => "scrypt".to_string(), + } + } } #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct KdfModule { - function: String, - params: Kdf, - message: String, +pub struct KdfModule { + pub function: String, + pub params: Kdf, + pub message: String, } #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] @@ -72,60 +82,3 @@ impl Prf { } } } - -impl CryptoModule for Scrypt { - type Params = Scrypt; - - fn function(&self) -> String { - "scrypt".to_string() - } - - fn params(&self) -> &Self::Params { - &self - } - - fn message(&self) -> Vec { - Vec::new() - } -} - -impl CryptoModule for Pbkdf2 { - type Params = Pbkdf2; - - fn function(&self) -> String { - "pbkdf2".to_string() - } - - fn params(&self) -> &Self::Params { - &self - } - - fn message(&self) -> Vec { - Vec::new() - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_log() { - let scrypt = Scrypt { - dklen: 32, - n: 262144, - r: 8, - p: 1, - salt: vec![0; 32], - }; - - let p = Pbkdf2 { - dklen: 32, - c: 262144, - prf: Prf::HmacSha256, - salt: vec![0; 32], - }; - let serialized = serde_json::to_string(&p).unwrap(); - println!("{}", serialized); - } -} diff --git a/account_manager/src/keystore.rs b/account_manager/src/keystore.rs index 81d8c24dc4f..bbd4b3ce727 100644 --- a/account_manager/src/keystore.rs +++ b/account_manager/src/keystore.rs @@ -1,151 +1,134 @@ -use crate::cipher::{Cipher, CipherMessage}; -use crate::kdf::Kdf; -use crate::module::CryptoModule; -use crypto::digest::Digest; -use crypto::sha2::Sha256; - -#[derive(Debug, PartialEq, Clone)] -pub struct Checksum(String); - -impl Checksum { - pub fn gen_checksum(message: &[u8]) -> String { - let mut hasher = Sha256::new(); - hasher.input(message); - hasher.result_str() - } -} - -impl CryptoModule for Checksum { - type Params = (); - - fn function(&self) -> String { - "sha256".to_string() - } - - fn params(&self) -> &Self::Params { - &() - } - - fn message(&self) -> Vec { - self.0.as_bytes().to_vec() - } -} +use crate::checksum::{Checksum, ChecksumModule}; +use crate::cipher::{Cipher, CipherModule}; +use crate::kdf::{Kdf, KdfModule}; +use serde::{Deserialize, Serialize}; /// Crypto -pub struct Crypto { - /// Key derivation function parameters - pub kdf: K, - /// Checksum for password verification - pub checksum: Checksum, - /// CipherParams parameters - pub cipher: CipherMessage, +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct Crypto { + pub kdf: KdfModule, + pub checksum: ChecksumModule, + pub cipher: CipherModule, } -impl Crypto { - pub fn encrypt(password: String, secret: &[u8], kdf: K, cipher: C) -> Self { +impl Crypto { + pub fn encrypt(password: String, secret: &[u8], kdf: Kdf, cipher: Cipher) -> Self { // Generate derived key - let derived_key = kdf.derive_key(&password); + let derived_key = match &kdf { + Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), + Kdf::Scrypt(scrypt) => scrypt.derive_key(&password), + }; // Encrypt secret - let cipher_message = cipher.encrypt(&derived_key[0..16], secret); + let cipher_message = match &cipher { + Cipher::Aes128Ctr(cipher) => cipher.encrypt(&derived_key[0..16], secret), + }; // Generate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); // last 16 bytes of decryption key pre_image.append(&mut cipher_message.clone()); let checksum = Checksum::gen_checksum(&pre_image); Crypto { - kdf, - checksum: Checksum(checksum), - cipher: CipherMessage { - cipher, - message: cipher_message, + kdf: KdfModule { + function: kdf.function(), + params: kdf.clone(), + message: "".to_string(), + }, + checksum: ChecksumModule { + function: Checksum::function(), + params: (), + message: checksum, + }, + cipher: CipherModule { + function: cipher.function(), + params: cipher.clone(), + message: hex::encode(cipher_message), }, } } pub fn decrypt(&self, password: String) -> Vec { // Genrate derived key - let derived_key = self.kdf.derive_key(&password); + let derived_key = match &self.kdf.params { + Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), + Kdf::Scrypt(scrypt) => scrypt.derive_key(&password), + }; // Regenerate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); - pre_image.append(&mut self.cipher.message.clone()); + pre_image.append(&mut hex::decode(self.cipher.message.clone()).unwrap()); let checksum = Checksum::gen_checksum(&pre_image); - debug_assert_eq!(checksum, self.checksum.0); - let secret = self - .cipher - .cipher - .decrypt(&derived_key[0..16], &self.cipher.message); + debug_assert_eq!(checksum, self.checksum.message); + let secret = match &self.cipher.params { + Cipher::Aes128Ctr(cipher) => cipher.decrypt( + &derived_key[0..16], + &hex::decode(self.cipher.message.clone()).unwrap(), + ), + }; return secret; } } -// #[cfg(test)] -// mod tests { -// use super::*; -// use parity_crypto::aes::{decrypt_128_ctr, encrypt_128_ctr}; -// use parity_crypto::digest; -// use parity_crypto::pbkdf2::{sha256, Salt, Secret}; - -// #[test] -// fn test_vector() { -// let secret_str = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"; -// let salt_str = "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"; -// let iv_str = "264daa3f303d7259501c93d997d84fe6"; -// let password = "testpassword".to_string(); - -// let salt = hex::decode(salt_str).unwrap(); -// // let other = derive_key(password.as_bytes(), &salt, 262144, 1, 8); -// // println!("{:?}", other); -// let iv = hex::decode(iv_str).unwrap(); -// let kdf = Scrypt { -// n: 262144, -// dklen: 32, -// p: 1, -// r: 8, -// salt: salt.to_vec(), -// }; -// let dk = kdf.derive_key(&password); -// println!("Dk {}", hex::encode(dk)); -// // let cipher = Aes128Ctr { iv: iv }; -// // let secret = hex::decode(secret_str).unwrap(); -// // let crypto = Crypto::encrypt(password.clone(), &secret, kdf, cipher); -// // println!("Cipher is {:?}", hex::encode(crypto.cipher.message.clone())); -// // println!("Checksum is {:?}", crypto.checksum); -// // let recovered_secret = crypto.decrypt(password); -// // let recovered_secret_str = hex::encode(recovered_secret); -// // println!("Secret is {:?}", recovered_secret_str); -// // assert_eq!(recovered_secret_str, secret_str); -// } - -// #[test] -// fn test_keystore() { -// let password = "testpassword"; -// let secret_str = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"; -// let salt_str = "ab0c7876052600dd703518d6fc3fe8984592145b591fc8fb5c6d43190334ba19"; -// let iv_str = "264daa3f303d7259501c93d997d84fe6"; -// // Derive decryption key from password -// let iterations = 262144; -// let dk_len = 32; -// let salt = hex::decode(salt_str).unwrap(); -// let mut decryption_key = [0; 32]; -// // Run the kdf on the password to derive decryption key -// sha256( -// iterations, -// Salt(&salt), -// Secret(password.as_bytes()), -// &mut decryption_key, -// ); -// // Encryption params -// let iv = hex::decode(iv_str).unwrap(); -// let mut cipher_message = vec![0; 48]; -// let secret = hex::decode(secret_str).unwrap(); -// // Encrypt bls secret key with first 16 bytes as aes key -// encrypt_128_ctr(&decryption_key[0..16], &iv, &secret, &mut cipher_message).unwrap(); -// // Generate checksum -// let mut pre_image: Vec = decryption_key[16..32].to_owned(); // last 16 bytes of decryption key -// pre_image.append(&mut cipher_message.clone()); -// let checksum_message: Vec = digest::sha256(&pre_image).to_owned(); - -// println!("Ciphertext: {}", hex::encode(cipher_message)); -// println!("Checksum: {}", hex::encode(checksum_message)); -// } -// } +#[cfg(test)] +mod tests { + use super::*; + use crate::cipher::{Aes128Ctr, Cipher}; + use crate::kdf::{Kdf, Pbkdf2, Prf, Scrypt}; + + #[test] + fn test_pbkdf2() { + let secret = + hex::decode("7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d") + .unwrap(); + let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") + .unwrap(); + let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); + let password = "testpassword".to_string(); + + let kdf = Kdf::Pbkdf2(Pbkdf2 { + dklen: 32, + c: 262144, + prf: Prf::HmacSha256, + salt: salt, + }); + + let cipher = Cipher::Aes128Ctr(Aes128Ctr { iv }); + + let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); + let json = serde_json::to_string(&keystore).unwrap(); + println!("{}", json); + + let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); + let recovered_secret = recovered_keystore.decrypt(password); + + assert_eq!(recovered_secret, secret); + } + + #[test] + fn test_scrypt() { + let secret = + hex::decode("7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d") + .unwrap(); + let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") + .unwrap(); + let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); + let password = "testpassword".to_string(); + + let kdf = Kdf::Scrypt(Scrypt { + dklen: 32, + n: 262144, + r: 8, + p: 1, + salt: salt, + }); + + let cipher = Cipher::Aes128Ctr(Aes128Ctr { iv }); + + let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); + let json = serde_json::to_string(&keystore).unwrap(); + println!("{}", json); + + let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); + let recovered_secret = recovered_keystore.decrypt(password); + + assert_eq!(recovered_secret, secret); + } +} From f668763444bd843c5bfff17612b6071f9ad28adc Mon Sep 17 00:00:00 2001 From: pawan Date: Mon, 4 Nov 2019 17:47:41 +0530 Subject: [PATCH 05/63] Add keystore struct --- account_manager/src/keystore/mod.rs | 62 +++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 account_manager/src/keystore/mod.rs diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs new file mode 100644 index 00000000000..b6d6f108c4b --- /dev/null +++ b/account_manager/src/keystore/mod.rs @@ -0,0 +1,62 @@ +mod checksum; +mod cipher; +mod crypto; +mod kdf; +mod module; +use crate::keystore::cipher::Cipher; +use crate::keystore::crypto::Crypto; +use crate::keystore::kdf::Kdf; +use bls::SecretKey; +use serde::{Deserialize, Serialize}; +use uuid::Uuid; + +#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +pub enum Version { + #[serde(rename = "4")] + V4, +} + +impl Default for Version { + fn default() -> Self { + Version::V4 + } +} + +#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +pub struct Keystore { + crypto: Crypto, + uuid: Uuid, + version: Version, +} + +impl Keystore { + pub fn to_keystore(secret_key: &SecretKey, password: String) -> Keystore { + let crypto = Crypto::encrypt( + password, + &secret_key.as_raw().as_bytes(), + Kdf::default(), + Cipher::default(), + ); + let uuid = Uuid::new_v4(); + let version = Version::default(); + Keystore { + crypto, + uuid, + version, + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + use bls::Keypair; + #[test] + fn test_json() { + let keypair = Keypair::random(); + let password = "testpassword".to_string(); + let keystore = Keystore::to_keystore(&keypair.sk, password); + + println!("{}", serde_json::to_string(&keystore).unwrap()); + } +} From dfbb40aad0599dfda651c16de579031e41efd8be Mon Sep 17 00:00:00 2001 From: pawan Date: Mon, 4 Nov 2019 17:48:33 +0530 Subject: [PATCH 06/63] Move keystore files into their own module --- account_manager/Cargo.toml | 1 + .../src/{ => keystore}/checksum.rs | 0 account_manager/src/{ => keystore}/cipher.rs | 11 +++++- .../src/{keystore.rs => keystore/crypto.rs} | 26 +++++++++----- account_manager/src/{ => keystore}/kdf.rs | 35 +++++++++++++++++++ account_manager/src/{ => keystore}/module.rs | 0 account_manager/src/main.rs | 1 + 7 files changed, 65 insertions(+), 9 deletions(-) rename account_manager/src/{ => keystore}/checksum.rs (100%) rename account_manager/src/{ => keystore}/cipher.rs (82%) rename account_manager/src/{keystore.rs => keystore/crypto.rs} (86%) rename account_manager/src/{ => keystore}/kdf.rs (72%) rename account_manager/src/{ => keystore}/module.rs (100%) diff --git a/account_manager/Cargo.toml b/account_manager/Cargo.toml index 5d50a8104b7..1e9613645a3 100644 --- a/account_manager/Cargo.toml +++ b/account_manager/Cargo.toml @@ -32,5 +32,6 @@ rust-crypto = "0.2.36" hex = "0.4.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" +uuid = { version = "0.8", features = ["serde", "v4"] } diff --git a/account_manager/src/checksum.rs b/account_manager/src/keystore/checksum.rs similarity index 100% rename from account_manager/src/checksum.rs rename to account_manager/src/keystore/checksum.rs diff --git a/account_manager/src/cipher.rs b/account_manager/src/keystore/cipher.rs similarity index 82% rename from account_manager/src/cipher.rs rename to account_manager/src/keystore/cipher.rs index 03b6c908228..60c8a0461d4 100644 --- a/account_manager/src/cipher.rs +++ b/account_manager/src/keystore/cipher.rs @@ -1,5 +1,7 @@ use crypto::aes::{ctr, KeySize}; +use rand::prelude::*; use serde::{Deserialize, Serialize}; +use std::default::Default; const IV_SIZE: usize = 16; @@ -12,7 +14,7 @@ pub struct CipherModule { #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Aes128Ctr { - pub iv: Vec, + pub iv: [u8; 16], } impl Aes128Ctr { @@ -37,6 +39,13 @@ pub enum Cipher { Aes128Ctr(Aes128Ctr), } +impl Default for Cipher { + fn default() -> Self { + let iv = rand::thread_rng().gen::<[u8; IV_SIZE]>(); + Cipher::Aes128Ctr(Aes128Ctr { iv }) + } +} + impl Cipher { pub fn function(&self) -> String { match &self { diff --git a/account_manager/src/keystore.rs b/account_manager/src/keystore/crypto.rs similarity index 86% rename from account_manager/src/keystore.rs rename to account_manager/src/keystore/crypto.rs index bbd4b3ce727..15100935ca9 100644 --- a/account_manager/src/keystore.rs +++ b/account_manager/src/keystore/crypto.rs @@ -1,9 +1,8 @@ -use crate::checksum::{Checksum, ChecksumModule}; -use crate::cipher::{Cipher, CipherModule}; -use crate::kdf::{Kdf, KdfModule}; +use crate::keystore::checksum::{Checksum, ChecksumModule}; +use crate::keystore::cipher::{Cipher, CipherModule}; +use crate::keystore::kdf::{Kdf, KdfModule}; use serde::{Deserialize, Serialize}; -/// Crypto #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Crypto { pub kdf: KdfModule, @@ -70,8 +69,15 @@ impl Crypto { #[cfg(test)] mod tests { use super::*; - use crate::cipher::{Aes128Ctr, Cipher}; - use crate::kdf::{Kdf, Pbkdf2, Prf, Scrypt}; + use crate::keystore::cipher::{Aes128Ctr, Cipher}; + use crate::keystore::kdf::{Kdf, Pbkdf2, Prf, Scrypt}; + + fn from_slice(bytes: &[u8]) -> [u8; 16] { + let mut array = [0; 16]; + let bytes = &bytes[..array.len()]; // panics if not enough data + array.copy_from_slice(bytes); + array + } #[test] fn test_pbkdf2() { @@ -90,7 +96,9 @@ mod tests { salt: salt, }); - let cipher = Cipher::Aes128Ctr(Aes128Ctr { iv }); + let cipher = Cipher::Aes128Ctr(Aes128Ctr { + iv: from_slice(&iv), + }); let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); let json = serde_json::to_string(&keystore).unwrap(); @@ -120,7 +128,9 @@ mod tests { salt: salt, }); - let cipher = Cipher::Aes128Ctr(Aes128Ctr { iv }); + let cipher = Cipher::Aes128Ctr(Aes128Ctr { + iv: from_slice(&iv), + }); let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); let json = serde_json::to_string(&keystore).unwrap(); diff --git a/account_manager/src/kdf.rs b/account_manager/src/keystore/kdf.rs similarity index 72% rename from account_manager/src/kdf.rs rename to account_manager/src/keystore/kdf.rs index e6c57a7d0a6..0ecde162055 100644 --- a/account_manager/src/kdf.rs +++ b/account_manager/src/keystore/kdf.rs @@ -1,6 +1,8 @@ use crypto::sha2::Sha256; use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; +use rand::prelude::*; use serde::{Deserialize, Serialize}; +use std::default::Default; #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Pbkdf2 { @@ -9,6 +11,18 @@ pub struct Pbkdf2 { pub prf: Prf, pub salt: Vec, } +impl Default for Pbkdf2 { + // TODO: verify size of salt + fn default() -> Self { + let salt = rand::thread_rng().gen::<[u8; 32]>(); + Pbkdf2 { + dklen: 32, + c: 262144, + prf: Prf::HmacSha256, + salt: salt.to_vec(), + } + } +} impl Pbkdf2 { pub fn derive_key(&self, password: &str) -> Vec { @@ -39,12 +53,27 @@ fn log_2(x: u32) -> u32 { impl Scrypt { pub fn derive_key(&self, password: &str) -> Vec { let mut dk = [0u8; 32]; + // TODO: verify `N` is power of 2 let params = scrypt::ScryptParams::new(log_2(self.n) as u8, self.r, self.p); scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk); dk.to_vec() } } +impl Default for Scrypt { + // TODO: verify size of salt + fn default() -> Self { + let salt = rand::thread_rng().gen::<[u8; 32]>(); + Scrypt { + dklen: 32, + n: 262144, + r: 8, + p: 1, + salt: salt.to_vec(), + } + } +} + #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[serde(untagged)] pub enum Kdf { @@ -52,6 +81,12 @@ pub enum Kdf { Pbkdf2(Pbkdf2), } +impl Default for Kdf { + fn default() -> Self { + Kdf::Pbkdf2(Pbkdf2::default()) + } +} + impl Kdf { pub fn function(&self) -> String { match &self { diff --git a/account_manager/src/module.rs b/account_manager/src/keystore/module.rs similarity index 100% rename from account_manager/src/module.rs rename to account_manager/src/keystore/module.rs diff --git a/account_manager/src/main.rs b/account_manager/src/main.rs index d22b7a2cf81..1a181202912 100644 --- a/account_manager/src/main.rs +++ b/account_manager/src/main.rs @@ -7,6 +7,7 @@ use types::test_utils::generate_deterministic_keypair; use types::DepositData; use validator_client::Config as ValidatorClientConfig; mod deposit; +mod keystore; pub const DEFAULT_DATA_DIR: &str = ".lighthouse-validator"; pub const CLIENT_CONFIG_FILENAME: &str = "account-manager.toml"; From d6204a5b51b40ee4e3986ef161d3e07ce4167232 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 5 Nov 2019 01:29:28 +0530 Subject: [PATCH 07/63] Add serde (de)serialize_with magic --- account_manager/src/keystore/cipher.rs | 51 +++++++++++++++++++++++++- account_manager/src/keystore/crypto.rs | 35 +++++++++++------- account_manager/src/keystore/kdf.rs | 45 ++++++++++++++++++++++- account_manager/src/keystore/mod.rs | 8 ++-- 4 files changed, 120 insertions(+), 19 deletions(-) diff --git a/account_manager/src/keystore/cipher.rs b/account_manager/src/keystore/cipher.rs index 60c8a0461d4..c74817babfa 100644 --- a/account_manager/src/keystore/cipher.rs +++ b/account_manager/src/keystore/cipher.rs @@ -1,8 +1,15 @@ use crypto::aes::{ctr, KeySize}; use rand::prelude::*; -use serde::{Deserialize, Serialize}; +use serde::{de, Deserialize, Serialize, Serializer}; use std::default::Default; +fn from_slice(bytes: &[u8]) -> [u8; 16] { + let mut array = [0; 16]; + let bytes = &bytes[..array.len()]; // panics if not enough data + array.copy_from_slice(bytes); + array +} + const IV_SIZE: usize = 16; #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] @@ -14,6 +21,8 @@ pub struct CipherModule { #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Aes128Ctr { + #[serde(serialize_with = "serialize_iv")] + #[serde(deserialize_with = "deserialize_iv")] pub iv: [u8; 16], } @@ -33,6 +42,34 @@ impl Aes128Ctr { } } +fn serialize_iv(x: &[u8], s: S) -> Result +where + S: Serializer, +{ + s.serialize_str(&hex::encode(x)) +} + +fn deserialize_iv<'de, D>(deserializer: D) -> Result<[u8; 16], D::Error> +where + D: de::Deserializer<'de>, +{ + struct StringVisitor; + impl<'de> de::Visitor<'de> for StringVisitor { + type Value = [u8; 16]; + fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { + formatter.write_str("String should be hex format and 16 bytes in length") + } + fn visit_str(self, v: &str) -> Result + where + E: de::Error, + { + let bytes = hex::decode(v).map_err(E::custom)?; + Ok(from_slice(&bytes)) + } + } + deserializer.deserialize_any(StringVisitor) +} + #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[serde(untagged)] pub enum Cipher { @@ -53,3 +90,15 @@ impl Cipher { } } } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_serde() { + // let json = r#"{"c":262144,"dklen":32,"prf":"hmac-sha256","salt":"d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"}"#; + // let data: Pbkdf2 = serde_json::from_str(&json).unwrap(); + // println!("{:?}", data); + } +} diff --git a/account_manager/src/keystore/crypto.rs b/account_manager/src/keystore/crypto.rs index 15100935ca9..81bee4279bd 100644 --- a/account_manager/src/keystore/crypto.rs +++ b/account_manager/src/keystore/crypto.rs @@ -11,7 +11,12 @@ pub struct Crypto { } impl Crypto { - pub fn encrypt(password: String, secret: &[u8], kdf: Kdf, cipher: Cipher) -> Self { + pub fn encrypt( + password: String, + secret: &[u8], + kdf: Kdf, + cipher: Cipher, + ) -> Result { // Generate derived key let derived_key = match &kdf { Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), @@ -26,7 +31,7 @@ impl Crypto { let mut pre_image: Vec = derived_key[16..32].to_owned(); // last 16 bytes of decryption key pre_image.append(&mut cipher_message.clone()); let checksum = Checksum::gen_checksum(&pre_image); - Crypto { + Ok(Crypto { kdf: KdfModule { function: kdf.function(), params: kdf.clone(), @@ -42,10 +47,10 @@ impl Crypto { params: cipher.clone(), message: hex::encode(cipher_message), }, - } + }) } - pub fn decrypt(&self, password: String) -> Vec { + pub fn decrypt(&self, password: String) -> Result { // Genrate derived key let derived_key = match &self.kdf.params { Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), @@ -53,16 +58,20 @@ impl Crypto { }; // Regenerate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); - pre_image.append(&mut hex::decode(self.cipher.message.clone()).unwrap()); + pre_image.append( + &mut hex::decode(self.cipher.message.clone()) + .map_err(|e| format!("Cipher message should be in hex: {}", e))?, + ); let checksum = Checksum::gen_checksum(&pre_image); debug_assert_eq!(checksum, self.checksum.message); let secret = match &self.cipher.params { Cipher::Aes128Ctr(cipher) => cipher.decrypt( &derived_key[0..16], - &hex::decode(self.cipher.message.clone()).unwrap(), + &hex::decode(self.cipher.message.clone()) + .map_err(|e| format!("Cipher message should be in hex: {}", e))?, ), }; - return secret; + Ok(hex::encode(secret)) } } @@ -100,14 +109,14 @@ mod tests { iv: from_slice(&iv), }); - let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); + let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher).unwrap(); let json = serde_json::to_string(&keystore).unwrap(); println!("{}", json); let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); - let recovered_secret = recovered_keystore.decrypt(password); + let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - assert_eq!(recovered_secret, secret); + assert_eq!(hex::encode(secret), recovered_secret); } #[test] @@ -132,13 +141,13 @@ mod tests { iv: from_slice(&iv), }); - let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); + let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher).unwrap(); let json = serde_json::to_string(&keystore).unwrap(); println!("{}", json); let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); - let recovered_secret = recovered_keystore.decrypt(password); + let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - assert_eq!(recovered_secret, secret); + assert_eq!(hex::encode(secret), recovered_secret); } } diff --git a/account_manager/src/keystore/kdf.rs b/account_manager/src/keystore/kdf.rs index 0ecde162055..52b82514951 100644 --- a/account_manager/src/keystore/kdf.rs +++ b/account_manager/src/keystore/kdf.rs @@ -1,7 +1,7 @@ use crypto::sha2::Sha256; use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; use rand::prelude::*; -use serde::{Deserialize, Serialize}; +use serde::{de, Deserialize, Serialize, Serializer}; use std::default::Default; #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] @@ -9,6 +9,8 @@ pub struct Pbkdf2 { pub c: u32, pub dklen: u32, pub prf: Prf, + #[serde(serialize_with = "serialize_salt")] + #[serde(deserialize_with = "deserialize_salt")] pub salt: Vec, } impl Default for Pbkdf2 { @@ -39,6 +41,8 @@ pub struct Scrypt { pub n: u32, pub r: u32, pub p: u32, + #[serde(serialize_with = "serialize_salt")] + #[serde(deserialize_with = "deserialize_salt")] pub salt: Vec, } const fn num_bits() -> usize { @@ -74,6 +78,33 @@ impl Default for Scrypt { } } +fn serialize_salt(x: &Vec, s: S) -> Result +where + S: Serializer, +{ + s.serialize_str(&hex::encode(x)) +} + +fn deserialize_salt<'de, D>(deserializer: D) -> Result, D::Error> +where + D: de::Deserializer<'de>, +{ + struct StringVisitor; + impl<'de> de::Visitor<'de> for StringVisitor { + type Value = Vec; + fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { + formatter.write_str("String should be hex format") + } + fn visit_str(self, v: &str) -> Result + where + E: de::Error, + { + hex::decode(v).map_err(E::custom) + } + } + deserializer.deserialize_any(StringVisitor) +} + #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[serde(untagged)] pub enum Kdf { @@ -117,3 +148,15 @@ impl Prf { } } } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_serde() { + let json = r#"{"c":262144,"dklen":32,"prf":"hmac-sha256","salt":"d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"}"#; + let data: Pbkdf2 = serde_json::from_str(&json).unwrap(); + println!("{:?}", data); + } +} diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index b6d6f108c4b..a376682bee1 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -30,20 +30,20 @@ pub struct Keystore { } impl Keystore { - pub fn to_keystore(secret_key: &SecretKey, password: String) -> Keystore { + pub fn to_keystore(secret_key: &SecretKey, password: String) -> Result { let crypto = Crypto::encrypt( password, &secret_key.as_raw().as_bytes(), Kdf::default(), Cipher::default(), - ); + )?; let uuid = Uuid::new_v4(); let version = Version::default(); - Keystore { + Ok(Keystore { crypto, uuid, version, - } + }) } } From 9716c4110a0be7782f8bc0cda783a8502a3cbce3 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 5 Nov 2019 11:29:31 +0530 Subject: [PATCH 08/63] Add keystore test --- account_manager/src/keystore/checksum.rs | 3 ++- account_manager/src/keystore/cipher.rs | 8 ++++---- account_manager/src/keystore/crypto.rs | 11 ++++++----- account_manager/src/keystore/mod.rs | 17 ++++++++++++++--- 4 files changed, 26 insertions(+), 13 deletions(-) diff --git a/account_manager/src/keystore/checksum.rs b/account_manager/src/keystore/checksum.rs index dbbff8ddb5d..0ca759db66a 100644 --- a/account_manager/src/keystore/checksum.rs +++ b/account_manager/src/keystore/checksum.rs @@ -1,11 +1,12 @@ use crypto::digest::Digest; use crypto::sha2::Sha256; use serde::{Deserialize, Serialize}; +use std::collections::BTreeMap; #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct ChecksumModule { pub function: String, - pub params: (), + pub params: BTreeMap<(), ()>, // TODO: need a better way to encode empty json object pub message: String, } diff --git a/account_manager/src/keystore/cipher.rs b/account_manager/src/keystore/cipher.rs index c74817babfa..02fbcdc0dfe 100644 --- a/account_manager/src/keystore/cipher.rs +++ b/account_manager/src/keystore/cipher.rs @@ -3,15 +3,15 @@ use rand::prelude::*; use serde::{de, Deserialize, Serialize, Serializer}; use std::default::Default; -fn from_slice(bytes: &[u8]) -> [u8; 16] { - let mut array = [0; 16]; +const IV_SIZE: usize = 16; + +fn from_slice(bytes: &[u8]) -> [u8; IV_SIZE] { + let mut array = [0; IV_SIZE]; let bytes = &bytes[..array.len()]; // panics if not enough data array.copy_from_slice(bytes); array } -const IV_SIZE: usize = 16; - #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct CipherModule { pub function: String, diff --git a/account_manager/src/keystore/crypto.rs b/account_manager/src/keystore/crypto.rs index 81bee4279bd..d8159a6128f 100644 --- a/account_manager/src/keystore/crypto.rs +++ b/account_manager/src/keystore/crypto.rs @@ -2,6 +2,7 @@ use crate::keystore::checksum::{Checksum, ChecksumModule}; use crate::keystore::cipher::{Cipher, CipherModule}; use crate::keystore::kdf::{Kdf, KdfModule}; use serde::{Deserialize, Serialize}; +use std::collections::BTreeMap; #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Crypto { @@ -39,7 +40,7 @@ impl Crypto { }, checksum: ChecksumModule { function: Checksum::function(), - params: (), + params: BTreeMap::new(), message: checksum, }, cipher: CipherModule { @@ -50,7 +51,7 @@ impl Crypto { }) } - pub fn decrypt(&self, password: String) -> Result { + pub fn decrypt(&self, password: String) -> Result, String> { // Genrate derived key let derived_key = match &self.kdf.params { Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), @@ -71,7 +72,7 @@ impl Crypto { .map_err(|e| format!("Cipher message should be in hex: {}", e))?, ), }; - Ok(hex::encode(secret)) + Ok(secret) } } @@ -116,7 +117,7 @@ mod tests { let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - assert_eq!(hex::encode(secret), recovered_secret); + assert_eq!(secret, recovered_secret); } #[test] @@ -148,6 +149,6 @@ mod tests { let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - assert_eq!(hex::encode(secret), recovered_secret); + assert_eq!(secret, recovered_secret); } } diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index a376682bee1..ca25adbee5b 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -45,6 +45,13 @@ impl Keystore { version, }) } + + pub fn from_keystore(keystore_str: String, password: String) -> Result { + let keystore: Keystore = serde_json::from_str(&keystore_str) + .map_err(|e| format!("Keystore file invalid: {}", e))?; + let sk = keystore.crypto.decrypt(password)?; + SecretKey::from_bytes(&sk).map_err(|e| format!("Invalid secret key {:?}", e)) + } } #[cfg(test)] @@ -52,11 +59,15 @@ mod tests { use super::*; use bls::Keypair; #[test] - fn test_json() { + fn test_keystore() { let keypair = Keypair::random(); let password = "testpassword".to_string(); - let keystore = Keystore::to_keystore(&keypair.sk, password); + let keystore = Keystore::to_keystore(&keypair.sk, password.clone()).unwrap(); + + let json_str = serde_json::to_string(&keystore).unwrap(); + println!("{}", json_str); - println!("{}", serde_json::to_string(&keystore).unwrap()); + let sk = Keystore::from_keystore(json_str, password).unwrap(); + assert_eq!(sk, keypair.sk); } } From d80131626a695efa256f92078487cd670772da28 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 5 Nov 2019 12:13:12 +0530 Subject: [PATCH 09/63] Fix tests --- account_manager/src/keystore/cipher.rs | 12 ------------ account_manager/src/keystore/crypto.rs | 17 ++++++++++++++--- account_manager/src/keystore/kdf.rs | 12 ------------ 3 files changed, 14 insertions(+), 27 deletions(-) diff --git a/account_manager/src/keystore/cipher.rs b/account_manager/src/keystore/cipher.rs index 02fbcdc0dfe..1cc892f49a6 100644 --- a/account_manager/src/keystore/cipher.rs +++ b/account_manager/src/keystore/cipher.rs @@ -90,15 +90,3 @@ impl Cipher { } } } - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_serde() { - // let json = r#"{"c":262144,"dklen":32,"prf":"hmac-sha256","salt":"d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"}"#; - // let data: Pbkdf2 = serde_json::from_str(&json).unwrap(); - // println!("{:?}", data); - } -} diff --git a/account_manager/src/keystore/crypto.rs b/account_manager/src/keystore/crypto.rs index d8159a6128f..c85536c8154 100644 --- a/account_manager/src/keystore/crypto.rs +++ b/account_manager/src/keystore/crypto.rs @@ -27,7 +27,6 @@ impl Crypto { let cipher_message = match &cipher { Cipher::Aes128Ctr(cipher) => cipher.encrypt(&derived_key[0..16], secret), }; - // Generate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); // last 16 bytes of decryption key pre_image.append(&mut cipher_message.clone()); @@ -92,8 +91,10 @@ mod tests { #[test] fn test_pbkdf2() { let secret = - hex::decode("7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d") + hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f") .unwrap(); + let expected_checksum = "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8"; + let expected_cipher = "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48"; let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") .unwrap(); let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); @@ -111,6 +112,10 @@ mod tests { }); let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher).unwrap(); + + assert_eq!(expected_checksum, keystore.checksum.message); + assert_eq!(expected_cipher, keystore.cipher.message); + let json = serde_json::to_string(&keystore).unwrap(); println!("{}", json); @@ -123,8 +128,10 @@ mod tests { #[test] fn test_scrypt() { let secret = - hex::decode("7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d") + hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f") .unwrap(); + let expected_checksum = "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb"; + let expected_cipher = "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30"; let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") .unwrap(); let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); @@ -143,6 +150,10 @@ mod tests { }); let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher).unwrap(); + + assert_eq!(expected_checksum, keystore.checksum.message); + assert_eq!(expected_cipher, keystore.cipher.message); + let json = serde_json::to_string(&keystore).unwrap(); println!("{}", json); diff --git a/account_manager/src/keystore/kdf.rs b/account_manager/src/keystore/kdf.rs index 52b82514951..02941b48568 100644 --- a/account_manager/src/keystore/kdf.rs +++ b/account_manager/src/keystore/kdf.rs @@ -148,15 +148,3 @@ impl Prf { } } } - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_serde() { - let json = r#"{"c":262144,"dklen":32,"prf":"hmac-sha256","salt":"d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"}"#; - let data: Pbkdf2 = serde_json::from_str(&json).unwrap(); - println!("{:?}", data); - } -} From 30027b1a57103c30a26ec69a71af0114fb63ed98 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 5 Nov 2019 17:16:21 +0530 Subject: [PATCH 10/63] Add comments and minor fixes --- account_manager/src/keystore/checksum.rs | 2 + account_manager/src/keystore/cipher.rs | 7 +++- account_manager/src/keystore/crypto.rs | 30 ++++++++------ account_manager/src/keystore/kdf.rs | 51 +++++++++++++++--------- account_manager/src/keystore/mod.rs | 40 +++++++++++-------- account_manager/src/keystore/module.rs | 7 ---- 6 files changed, 82 insertions(+), 55 deletions(-) delete mode 100644 account_manager/src/keystore/module.rs diff --git a/account_manager/src/keystore/checksum.rs b/account_manager/src/keystore/checksum.rs index 0ca759db66a..4edcf191d47 100644 --- a/account_manager/src/keystore/checksum.rs +++ b/account_manager/src/keystore/checksum.rs @@ -3,6 +3,7 @@ use crypto::sha2::Sha256; use serde::{Deserialize, Serialize}; use std::collections::BTreeMap; +/// Checksum module for `Keystore`. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct ChecksumModule { pub function: String, @@ -14,6 +15,7 @@ pub struct ChecksumModule { pub struct Checksum(String); impl Checksum { + /// Generate checksum using checksum function. pub fn gen_checksum(message: &[u8]) -> String { let mut hasher = Sha256::new(); hasher.input(message); diff --git a/account_manager/src/keystore/cipher.rs b/account_manager/src/keystore/cipher.rs index 1cc892f49a6..40d03eb38f3 100644 --- a/account_manager/src/keystore/cipher.rs +++ b/account_manager/src/keystore/cipher.rs @@ -5,6 +5,7 @@ use std::default::Default; const IV_SIZE: usize = 16; +/// Convert slice to fixed length array. fn from_slice(bytes: &[u8]) -> [u8; IV_SIZE] { let mut array = [0; IV_SIZE]; let bytes = &bytes[..array.len()]; // panics if not enough data @@ -12,6 +13,7 @@ fn from_slice(bytes: &[u8]) -> [u8; IV_SIZE] { array } +/// Cipher module representation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct CipherModule { pub function: String, @@ -19,6 +21,7 @@ pub struct CipherModule { pub message: String, } +/// Parameters for AES128 with ctr mode. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Aes128Ctr { #[serde(serialize_with = "serialize_iv")] @@ -42,6 +45,7 @@ impl Aes128Ctr { } } +/// Serialize `iv` to its hex representation. fn serialize_iv(x: &[u8], s: S) -> Result where S: Serializer, @@ -49,13 +53,14 @@ where s.serialize_str(&hex::encode(x)) } +/// Deserialize `iv` from its hex representation to bytes. fn deserialize_iv<'de, D>(deserializer: D) -> Result<[u8; 16], D::Error> where D: de::Deserializer<'de>, { struct StringVisitor; impl<'de> de::Visitor<'de> for StringVisitor { - type Value = [u8; 16]; + type Value = [u8; IV_SIZE]; fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { formatter.write_str("String should be hex format and 16 bytes in length") } diff --git a/account_manager/src/keystore/crypto.rs b/account_manager/src/keystore/crypto.rs index c85536c8154..17cbdc06e59 100644 --- a/account_manager/src/keystore/crypto.rs +++ b/account_manager/src/keystore/crypto.rs @@ -4,6 +4,7 @@ use crate::keystore::kdf::{Kdf, KdfModule}; use serde::{Deserialize, Serialize}; use std::collections::BTreeMap; +/// Crypto module for keystore. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Crypto { pub kdf: KdfModule, @@ -12,12 +13,9 @@ pub struct Crypto { } impl Crypto { - pub fn encrypt( - password: String, - secret: &[u8], - kdf: Kdf, - cipher: Cipher, - ) -> Result { + /// Generate crypto module for `Keystore` given the password, + /// secret to encrypt, kdf params and cipher params. + pub fn encrypt(password: String, secret: &[u8], kdf: Kdf, cipher: Cipher) -> Self { // Generate derived key let derived_key = match &kdf { Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), @@ -28,10 +26,10 @@ impl Crypto { Cipher::Aes128Ctr(cipher) => cipher.encrypt(&derived_key[0..16], secret), }; // Generate checksum - let mut pre_image: Vec = derived_key[16..32].to_owned(); // last 16 bytes of decryption key + let mut pre_image: Vec = derived_key[16..32].to_owned(); pre_image.append(&mut cipher_message.clone()); let checksum = Checksum::gen_checksum(&pre_image); - Ok(Crypto { + Crypto { kdf: KdfModule { function: kdf.function(), params: kdf.clone(), @@ -47,9 +45,13 @@ impl Crypto { params: cipher.clone(), message: hex::encode(cipher_message), }, - }) + } } + /// Recover the secret present in the Keystore given the correct password. + /// + /// An error will be returned if `cipher.message` is not in hex format or + /// if password is incorrect. pub fn decrypt(&self, password: String) -> Result, String> { // Genrate derived key let derived_key = match &self.kdf.params { @@ -63,7 +65,11 @@ impl Crypto { .map_err(|e| format!("Cipher message should be in hex: {}", e))?, ); let checksum = Checksum::gen_checksum(&pre_image); - debug_assert_eq!(checksum, self.checksum.message); + + // `password` is incorrect if checksums don't match + if checksum != self.checksum.message { + return Err("Incorrect password. Checksum does not match".into()); + } let secret = match &self.cipher.params { Cipher::Aes128Ctr(cipher) => cipher.decrypt( &derived_key[0..16], @@ -111,7 +117,7 @@ mod tests { iv: from_slice(&iv), }); - let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher).unwrap(); + let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); assert_eq!(expected_checksum, keystore.checksum.message); assert_eq!(expected_cipher, keystore.cipher.message); @@ -149,7 +155,7 @@ mod tests { iv: from_slice(&iv), }); - let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher).unwrap(); + let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); assert_eq!(expected_checksum, keystore.checksum.message); assert_eq!(expected_cipher, keystore.cipher.message); diff --git a/account_manager/src/keystore/kdf.rs b/account_manager/src/keystore/kdf.rs index 02941b48568..3039b1b6527 100644 --- a/account_manager/src/keystore/kdf.rs +++ b/account_manager/src/keystore/kdf.rs @@ -4,6 +4,11 @@ use rand::prelude::*; use serde::{de, Deserialize, Serialize, Serializer}; use std::default::Default; +// TODO: verify size of salt +const SALT_SIZE: usize = 32; +const DECRYPTION_KEY_SIZE: u32 = 32; + +/// Parameters for `pbkdf2` key derivation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Pbkdf2 { pub c: u32, @@ -14,27 +19,28 @@ pub struct Pbkdf2 { pub salt: Vec, } impl Default for Pbkdf2 { - // TODO: verify size of salt fn default() -> Self { - let salt = rand::thread_rng().gen::<[u8; 32]>(); + let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); Pbkdf2 { - dklen: 32, + dklen: DECRYPTION_KEY_SIZE, c: 262144, - prf: Prf::HmacSha256, + prf: Prf::default(), salt: salt.to_vec(), } } } impl Pbkdf2 { + /// Derive key from password. pub fn derive_key(&self, password: &str) -> Vec { - let mut dk = [0u8; 32]; + let mut dk = [0u8; DECRYPTION_KEY_SIZE as usize]; let mut mac = self.prf.mac(password.as_bytes()); pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, &mut dk); dk.to_vec() } } +/// Parameters for `scrypt` key derivation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct Scrypt { pub dklen: u32, @@ -45,31 +51,31 @@ pub struct Scrypt { #[serde(deserialize_with = "deserialize_salt")] pub salt: Vec, } -const fn num_bits() -> usize { - std::mem::size_of::() * 8 -} -fn log_2(x: u32) -> u32 { - assert!(x > 0); - num_bits::() as u32 - x.leading_zeros() - 1 +/// Compute floor of log2 of a u32. +fn log2_int(x: u32) -> u32 { + if x == 0 { + return 0; + } + 31 - x.leading_zeros() } impl Scrypt { pub fn derive_key(&self, password: &str) -> Vec { - let mut dk = [0u8; 32]; - // TODO: verify `N` is power of 2 - let params = scrypt::ScryptParams::new(log_2(self.n) as u8, self.r, self.p); + let mut dk = [0u8; DECRYPTION_KEY_SIZE as usize]; + // Assert that `n` is power of 2 + debug_assert_eq!(self.n, 2u32.pow(log2_int(self.n))); + let params = scrypt::ScryptParams::new(log2_int(self.n) as u8, self.r, self.p); scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk); dk.to_vec() } } impl Default for Scrypt { - // TODO: verify size of salt fn default() -> Self { - let salt = rand::thread_rng().gen::<[u8; 32]>(); + let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); Scrypt { - dklen: 32, + dklen: DECRYPTION_KEY_SIZE, n: 262144, r: 8, p: 1, @@ -78,6 +84,7 @@ impl Default for Scrypt { } } +/// Serialize `salt` to its hex representation. fn serialize_salt(x: &Vec, s: S) -> Result where S: Serializer, @@ -85,6 +92,7 @@ where s.serialize_str(&hex::encode(x)) } +/// Deserialize `salt` from its hex representation to bytes. fn deserialize_salt<'de, D>(deserializer: D) -> Result, D::Error> where D: de::Deserializer<'de>, @@ -127,6 +135,7 @@ impl Kdf { } } +/// KDF module representation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct KdfModule { pub function: String, @@ -134,6 +143,7 @@ pub struct KdfModule { pub message: String, } +/// PRF for use in `pbkdf2`. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub enum Prf { #[serde(rename = "hmac-sha256")] @@ -141,10 +151,15 @@ pub enum Prf { } impl Prf { - // TODO: is password what should be passed here? pub fn mac(&self, password: &[u8]) -> impl Mac { match &self { _hmac_sha256 => Hmac::new(Sha256::new(), password), } } } + +impl Default for Prf { + fn default() -> Self { + Prf::HmacSha256 + } +} diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index ca25adbee5b..41846a84e44 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -2,14 +2,14 @@ mod checksum; mod cipher; mod crypto; mod kdf; -mod module; use crate::keystore::cipher::Cipher; use crate::keystore::crypto::Crypto; use crate::keystore::kdf::Kdf; -use bls::SecretKey; +use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; use uuid::Uuid; +/// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum Version { #[serde(rename = "4")] @@ -30,27 +30,34 @@ pub struct Keystore { } impl Keystore { - pub fn to_keystore(secret_key: &SecretKey, password: String) -> Result { + /// Generate `Keystore` object for a BLS12-381 secret key from a + /// keypair and password. + pub fn to_keystore(keypair: &Keypair, password: String) -> Self { let crypto = Crypto::encrypt( password, - &secret_key.as_raw().as_bytes(), + &keypair.sk.as_raw().as_bytes(), Kdf::default(), Cipher::default(), - )?; + ); let uuid = Uuid::new_v4(); let version = Version::default(); - Ok(Keystore { + Keystore { crypto, uuid, version, - }) + } } - pub fn from_keystore(keystore_str: String, password: String) -> Result { - let keystore: Keystore = serde_json::from_str(&keystore_str) - .map_err(|e| format!("Keystore file invalid: {}", e))?; - let sk = keystore.crypto.decrypt(password)?; - SecretKey::from_bytes(&sk).map_err(|e| format!("Invalid secret key {:?}", e)) + /// Regenerate a BLS12-381 `Keypair` given the `Keystore` object and + /// the correct password. + /// + /// An error is returned if the secret in the `Keystore` is not a valid + /// BLS12-381 secret key or if the password provided is incorrect. + pub fn from_keystore(&self, password: String) -> Result { + let sk = SecretKey::from_bytes(&self.crypto.decrypt(password)?) + .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; + let pk = PublicKey::from_secret_key(&sk); + Ok(Keypair { sk, pk }) } } @@ -62,12 +69,11 @@ mod tests { fn test_keystore() { let keypair = Keypair::random(); let password = "testpassword".to_string(); - let keystore = Keystore::to_keystore(&keypair.sk, password.clone()).unwrap(); + let keystore = Keystore::to_keystore(&keypair, password.clone()); let json_str = serde_json::to_string(&keystore).unwrap(); - println!("{}", json_str); - - let sk = Keystore::from_keystore(json_str, password).unwrap(); - assert_eq!(sk, keypair.sk); + let recovered_keystore: Keystore = serde_json::from_str(&json_str).unwrap(); + let recovered_keypair = recovered_keystore.from_keystore(password).unwrap(); + assert_eq!(keypair, recovered_keypair); } } diff --git a/account_manager/src/keystore/module.rs b/account_manager/src/keystore/module.rs deleted file mode 100644 index c5830b72d06..00000000000 --- a/account_manager/src/keystore/module.rs +++ /dev/null @@ -1,7 +0,0 @@ -pub trait CryptoModule { - type Params; - - fn function(&self) -> String; - fn params(&self) -> &Self::Params; - fn message(&self) -> Vec; -} From 5f4dddfb19bc3caf90a3ec50fae1eadcde51c6a5 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 5 Nov 2019 17:37:26 +0530 Subject: [PATCH 11/63] Pass optional params to `to_keystore` function --- account_manager/src/keystore/mod.rs | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index 41846a84e44..c8b6ecb473b 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -31,13 +31,18 @@ pub struct Keystore { impl Keystore { /// Generate `Keystore` object for a BLS12-381 secret key from a - /// keypair and password. - pub fn to_keystore(keypair: &Keypair, password: String) -> Self { + /// keypair and password. Optionally, provide params for kdf and cipher. + pub fn to_keystore( + keypair: &Keypair, + password: String, + kdf: Option, + cipher: Option, + ) -> Self { let crypto = Crypto::encrypt( password, &keypair.sk.as_raw().as_bytes(), - Kdf::default(), - Cipher::default(), + kdf.unwrap_or_default(), + cipher.unwrap_or_default(), ); let uuid = Uuid::new_v4(); let version = Version::default(); @@ -69,7 +74,7 @@ mod tests { fn test_keystore() { let keypair = Keypair::random(); let password = "testpassword".to_string(); - let keystore = Keystore::to_keystore(&keypair, password.clone()); + let keystore = Keystore::to_keystore(&keypair, password.clone(), None, None); let json_str = serde_json::to_string(&keystore).unwrap(); let recovered_keystore: Keystore = serde_json::from_str(&json_str).unwrap(); From 3fe10a7d8e8befe3c01efd53ae583a1e7d868993 Mon Sep 17 00:00:00 2001 From: pawan Date: Wed, 6 Nov 2019 11:25:03 +0530 Subject: [PATCH 12/63] Add `path` field to keystore --- account_manager/src/keystore/mod.rs | 8 ++++++++ account_manager/src/main.rs | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index c8b6ecb473b..574d7245efd 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -7,6 +7,8 @@ use crate::keystore::crypto::Crypto; use crate::keystore::kdf::Kdf; use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; +use std::fs::File; +use std::path::PathBuf; use uuid::Uuid; /// Version for `Keystore`. @@ -22,10 +24,14 @@ impl Default for Version { } } +/// TODO: Implement `path` according to +/// https://github.com/ethereum/EIPs/blob/de52c7ef2e44f2ab95d6aa4b90245c3c969aaf9f/EIPS/eip-2334.md +/// For now, `path` is set to en empty string. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub struct Keystore { crypto: Crypto, uuid: Uuid, + path: String, version: Version, } @@ -46,9 +52,11 @@ impl Keystore { ); let uuid = Uuid::new_v4(); let version = Version::default(); + let path = "".to_string(); Keystore { crypto, uuid, + path, version, } } diff --git a/account_manager/src/main.rs b/account_manager/src/main.rs index 1a181202912..b3e2f297ee0 100644 --- a/account_manager/src/main.rs +++ b/account_manager/src/main.rs @@ -7,7 +7,7 @@ use types::test_utils::generate_deterministic_keypair; use types::DepositData; use validator_client::Config as ValidatorClientConfig; mod deposit; -mod keystore; +pub mod keystore; pub const DEFAULT_DATA_DIR: &str = ".lighthouse-validator"; pub const CLIENT_CONFIG_FILENAME: &str = "account-manager.toml"; From 3238325879e34bbec91ce7c092e47e07e8f5a9b3 Mon Sep 17 00:00:00 2001 From: pawan Date: Wed, 6 Nov 2019 11:25:45 +0530 Subject: [PATCH 13/63] Add function to read Keystore from file --- account_manager/src/keystore/mod.rs | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index 574d7245efd..fa888d3ed45 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -61,12 +61,26 @@ impl Keystore { } } + /// Regenerate a BLS12-381 `Keypair` given path to the keystore file and + /// the correct password. + /// + /// An error is returned if the secret in the file does not contain a valid + /// `Keystore` or if the secret contained is not a + /// BLS12-381 secret key or if the password provided is incorrect. + pub fn read_keystore_file(keystore_path: PathBuf, password: String) -> Result { + let mut key_file = File::open(keystore_path.clone()) + .map_err(|e| format!("Unable to open keystore file: {}", e))?; + let keystore: Keystore = serde_json::from_reader(&mut key_file) + .map_err(|e| format!("Invalid keystore format: {:?}", e))?; + keystore.from_keystore(password) + } + /// Regenerate a BLS12-381 `Keypair` given the `Keystore` object and /// the correct password. /// /// An error is returned if the secret in the `Keystore` is not a valid /// BLS12-381 secret key or if the password provided is incorrect. - pub fn from_keystore(&self, password: String) -> Result { + fn from_keystore(&self, password: String) -> Result { let sk = SecretKey::from_bytes(&self.crypto.decrypt(password)?) .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; let pk = PublicKey::from_secret_key(&sk); From b78c9fdd7e3bc5d4cc53358a9048145e7fe68bae Mon Sep 17 00:00:00 2001 From: pawan Date: Wed, 6 Nov 2019 13:15:39 +0530 Subject: [PATCH 14/63] Add test vectors and fix Version serialization --- account_manager/Cargo.toml | 1 + account_manager/src/keystore/mod.rs | 104 ++++++++++++++++++++++------ 2 files changed, 85 insertions(+), 20 deletions(-) diff --git a/account_manager/Cargo.toml b/account_manager/Cargo.toml index 1e9613645a3..b6452f170f4 100644 --- a/account_manager/Cargo.toml +++ b/account_manager/Cargo.toml @@ -32,6 +32,7 @@ rust-crypto = "0.2.36" hex = "0.4.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" +serde_repr = "0.1" uuid = { version = "0.8", features = ["serde", "v4"] } diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index fa888d3ed45..317c174e0aa 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -7,15 +7,16 @@ use crate::keystore::crypto::Crypto; use crate::keystore::kdf::Kdf; use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; +use serde_repr::*; use std::fs::File; use std::path::PathBuf; use uuid::Uuid; /// Version for `Keystore`. -#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +#[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] +#[repr(u8)] pub enum Version { - #[serde(rename = "4")] - V4, + V4 = 4, } impl Default for Version { @@ -72,35 +73,98 @@ impl Keystore { .map_err(|e| format!("Unable to open keystore file: {}", e))?; let keystore: Keystore = serde_json::from_reader(&mut key_file) .map_err(|e| format!("Invalid keystore format: {:?}", e))?; - keystore.from_keystore(password) + let sk = SecretKey::from_bytes(&keystore.from_keystore(password)?) + .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; + let pk = PublicKey::from_secret_key(&sk); + Ok(Keypair { sk, pk }) } - /// Regenerate a BLS12-381 `Keypair` given the `Keystore` object and + /// Regenerate keystore secret from given the `Keystore` object and /// the correct password. /// - /// An error is returned if the secret in the `Keystore` is not a valid - /// BLS12-381 secret key or if the password provided is incorrect. - fn from_keystore(&self, password: String) -> Result { - let sk = SecretKey::from_bytes(&self.crypto.decrypt(password)?) - .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; - let pk = PublicKey::from_secret_key(&sk); - Ok(Keypair { sk, pk }) + /// An error is returned if the password provided is incorrect or if + /// keystore does not contain valid hex strings. + fn from_keystore(&self, password: String) -> Result, String> { + Ok(self.crypto.decrypt(password)?) } } #[cfg(test)] mod tests { use super::*; - use bls::Keypair; #[test] - fn test_keystore() { - let keypair = Keypair::random(); + fn test_vectors() { + let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; let password = "testpassword".to_string(); - let keystore = Keystore::to_keystore(&keypair, password.clone(), None, None); + let scrypt_test_vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; - let json_str = serde_json::to_string(&keystore).unwrap(); - let recovered_keystore: Keystore = serde_json::from_str(&json_str).unwrap(); - let recovered_keypair = recovered_keystore.from_keystore(password).unwrap(); - assert_eq!(keypair, recovered_keypair); + let pbkdf2_test_vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 32, + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; + for test in test_vectors { + let keystore: Keystore = serde_json::from_str(test).unwrap(); + let secret = keystore.from_keystore(password.clone()).unwrap(); + assert_eq!(secret, hex::decode(expected_secret).unwrap()) + } } } From 7ebe307df62b06105aab161a0180e1205b3e955e Mon Sep 17 00:00:00 2001 From: pawan Date: Thu, 7 Nov 2019 16:39:42 +0530 Subject: [PATCH 15/63] Checksum params is empty object --- account_manager/src/keystore/checksum.rs | 3 +-- account_manager/src/keystore/crypto.rs | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/account_manager/src/keystore/checksum.rs b/account_manager/src/keystore/checksum.rs index 4edcf191d47..805c6681629 100644 --- a/account_manager/src/keystore/checksum.rs +++ b/account_manager/src/keystore/checksum.rs @@ -1,13 +1,12 @@ use crypto::digest::Digest; use crypto::sha2::Sha256; use serde::{Deserialize, Serialize}; -use std::collections::BTreeMap; /// Checksum module for `Keystore`. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct ChecksumModule { pub function: String, - pub params: BTreeMap<(), ()>, // TODO: need a better way to encode empty json object + pub params: serde_json::Value, // Empty json object pub message: String, } diff --git a/account_manager/src/keystore/crypto.rs b/account_manager/src/keystore/crypto.rs index 17cbdc06e59..1268a99a5b5 100644 --- a/account_manager/src/keystore/crypto.rs +++ b/account_manager/src/keystore/crypto.rs @@ -2,7 +2,6 @@ use crate::keystore::checksum::{Checksum, ChecksumModule}; use crate::keystore::cipher::{Cipher, CipherModule}; use crate::keystore::kdf::{Kdf, KdfModule}; use serde::{Deserialize, Serialize}; -use std::collections::BTreeMap; /// Crypto module for keystore. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] @@ -37,7 +36,7 @@ impl Crypto { }, checksum: ChecksumModule { function: Checksum::function(), - params: BTreeMap::new(), + params: serde_json::Value::Object(serde_json::Map::default()), message: checksum, }, cipher: CipherModule { From 9bb864746fc6c2da96c4272bb5d0d8c8e7e1d943 Mon Sep 17 00:00:00 2001 From: pawan Date: Thu, 7 Nov 2019 17:27:39 +0530 Subject: [PATCH 16/63] Add public key to Keystore --- account_manager/src/keystore/mod.rs | 44 +++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index 317c174e0aa..941b5550059 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -12,6 +12,8 @@ use std::fs::File; use std::path::PathBuf; use uuid::Uuid; +pub const PRIVATE_KEY_BYTES: usize = 48; + /// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] #[repr(u8)] @@ -26,13 +28,14 @@ impl Default for Version { } /// TODO: Implement `path` according to -/// https://github.com/ethereum/EIPs/blob/de52c7ef2e44f2ab95d6aa4b90245c3c969aaf9f/EIPS/eip-2334.md +/// https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md /// For now, `path` is set to en empty string. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub struct Keystore { crypto: Crypto, uuid: Uuid, path: String, + pubkey: String, version: Version, } @@ -58,6 +61,7 @@ impl Keystore { crypto, uuid, path, + pubkey: keypair.pk.as_hex_string()[2..].to_string(), version, } } @@ -73,22 +77,37 @@ impl Keystore { .map_err(|e| format!("Unable to open keystore file: {}", e))?; let keystore: Keystore = serde_json::from_reader(&mut key_file) .map_err(|e| format!("Invalid keystore format: {:?}", e))?; - let sk = SecretKey::from_bytes(&keystore.from_keystore(password)?) - .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; - let pk = PublicKey::from_secret_key(&sk); - Ok(Keypair { sk, pk }) + return keystore.from_keystore(password); } - /// Regenerate keystore secret from given the `Keystore` object and + /// Regenerate a BLS12-381 `Keypair` from given the `Keystore` object and /// the correct password. /// /// An error is returned if the password provided is incorrect or if - /// keystore does not contain valid hex strings. - fn from_keystore(&self, password: String) -> Result, String> { - Ok(self.crypto.decrypt(password)?) + /// keystore does not contain valid hex strings or if the secret contained is not a + /// BLS12-381 secret key. + fn from_keystore(&self, password: String) -> Result { + let sk_bytes = self.crypto.decrypt(password)?; + if sk_bytes.len() != 32 { + return Err(format!("Invalid secret key size: {:?}", sk_bytes)); + } + let padded_sk_bytes = pad_secret_key(&sk_bytes); + let sk = SecretKey::from_bytes(&padded_sk_bytes) + .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; + let pk = PublicKey::from_secret_key(&sk); + debug_assert_eq!(pk.as_hex_string()[2..].to_string(), self.pubkey); + Ok(Keypair { sk, pk }) } } +/// Pad 0's to a 32 bytes BLS secret key to make it compatible with the Milagro library +/// Note: Milagro library only accepts 48 byte bls12 381 private keys. +fn pad_secret_key(sk: &[u8]) -> [u8; PRIVATE_KEY_BYTES] { + let mut bytes = [0; PRIVATE_KEY_BYTES]; + bytes[PRIVATE_KEY_BYTES - sk.len()..].copy_from_slice(sk); + bytes +} + #[cfg(test)] mod tests { use super::*; @@ -123,6 +142,7 @@ mod tests { "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" } }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", "path": "", "version": 4 @@ -155,6 +175,7 @@ mod tests { "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" } }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", "path": "m/12381/60/0/0", "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", "version": 4 @@ -163,8 +184,9 @@ mod tests { let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; for test in test_vectors { let keystore: Keystore = serde_json::from_str(test).unwrap(); - let secret = keystore.from_keystore(password.clone()).unwrap(); - assert_eq!(secret, hex::decode(expected_secret).unwrap()) + let keypair = keystore.from_keystore(password.clone()).unwrap(); + let expected_sk = pad_secret_key(&hex::decode(expected_secret).unwrap()); + assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk.to_vec()) } } } From f8e7f57cc52dbe6ac9597f401482346a3681ac86 Mon Sep 17 00:00:00 2001 From: pawan Date: Fri, 8 Nov 2019 15:19:40 +0530 Subject: [PATCH 17/63] Add function for saving keystore into file --- account_manager/src/keystore/mod.rs | 58 ++++++++++++++++++++++++----- 1 file changed, 49 insertions(+), 9 deletions(-) diff --git a/account_manager/src/keystore/mod.rs b/account_manager/src/keystore/mod.rs index 941b5550059..ec28603861b 100644 --- a/account_manager/src/keystore/mod.rs +++ b/account_manager/src/keystore/mod.rs @@ -10,9 +10,11 @@ use serde::{Deserialize, Serialize}; use serde_repr::*; use std::fs::File; use std::path::PathBuf; +use time; use uuid::Uuid; -pub const PRIVATE_KEY_BYTES: usize = 48; +const PRIVATE_KEY_BYTES: usize = 48; +const VALIDATOR_FOLDER_NAME: &str = "validators"; /// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] @@ -32,21 +34,22 @@ impl Default for Version { /// For now, `path` is set to en empty string. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub struct Keystore { - crypto: Crypto, - uuid: Uuid, - path: String, - pubkey: String, - version: Version, + pub crypto: Crypto, + pub uuid: Uuid, + pub path: String, + pub pubkey: String, + pub version: Version, } impl Keystore { /// Generate `Keystore` object for a BLS12-381 secret key from a - /// keypair and password. Optionally, provide params for kdf and cipher. + /// keypair and password. Optionally, provide params for kdf, cipher and a uuid. pub fn to_keystore( keypair: &Keypair, password: String, kdf: Option, cipher: Option, + uuid: Option, ) -> Self { let crypto = Crypto::encrypt( password, @@ -54,9 +57,9 @@ impl Keystore { kdf.unwrap_or_default(), cipher.unwrap_or_default(), ); - let uuid = Uuid::new_v4(); + let uuid = uuid.unwrap_or(Uuid::new_v4()); let version = Version::default(); - let path = "".to_string(); + let path = String::new(); Keystore { crypto, uuid, @@ -98,6 +101,30 @@ impl Keystore { debug_assert_eq!(pk.as_hex_string()[2..].to_string(), self.pubkey); Ok(Keypair { sk, pk }) } + + /// Save keystore into appropriate file and directory. + /// Return the path of the keystore file. + pub fn save_keystore(&self, base_path: PathBuf, key_type: KeyType) -> Result { + let validator_path = base_path.join(VALIDATOR_FOLDER_NAME); + validator_path.join(self.uuid.to_string()); + + let mut file_name = match key_type { + KeyType::Voting => "voting-".to_string(), + KeyType::Withdrawal => "withdrawal-".to_string(), + }; + file_name.push_str(&get_utc_time()); + file_name.push_str(&self.uuid.to_string()); + + let keystore_path = validator_path.join(file_name); + std::fs::create_dir_all(&validator_path) + .map_err(|e| format!("Cannot create directory: {}", e))?; + + let keystore_file = File::create(&keystore_path) + .map_err(|e| format!("Cannot create keystore file: {}", e))?; + serde_json::to_writer_pretty(keystore_file, &self) + .map_err(|e| format!("Error writing keystore into file: {}", e))?; + Ok(keystore_path) + } } /// Pad 0's to a 32 bytes BLS secret key to make it compatible with the Milagro library @@ -108,6 +135,19 @@ fn pad_secret_key(sk: &[u8]) -> [u8; PRIVATE_KEY_BYTES] { bytes } +/// Return UTC time. +fn get_utc_time() -> String { + let timestamp = time::strftime("%Y-%m-%dT%H-%M-%S", &time::now_utc()) + .expect("Time-format string is valid."); + format!("UTC--{}--", timestamp) +} + +#[derive(PartialEq)] +pub enum KeyType { + Voting, + Withdrawal, +} + #[cfg(test)] mod tests { use super::*; From 2777b495e7039d8cbd2fe6f4e1617b4cecddd59e Mon Sep 17 00:00:00 2001 From: pawan Date: Wed, 8 Jan 2020 00:41:04 +0530 Subject: [PATCH 18/63] Deleted account_manager main.rs --- account_manager/src/main.rs | 249 ------------------------------------ 1 file changed, 249 deletions(-) delete mode 100644 account_manager/src/main.rs diff --git a/account_manager/src/main.rs b/account_manager/src/main.rs deleted file mode 100644 index b3e2f297ee0..00000000000 --- a/account_manager/src/main.rs +++ /dev/null @@ -1,249 +0,0 @@ -use bls::Keypair; -use clap::{App, Arg, SubCommand}; -use slog::{crit, debug, info, o, Drain}; -use std::fs; -use std::path::PathBuf; -use types::test_utils::generate_deterministic_keypair; -use types::DepositData; -use validator_client::Config as ValidatorClientConfig; -mod deposit; -pub mod keystore; -pub const DEFAULT_DATA_DIR: &str = ".lighthouse-validator"; -pub const CLIENT_CONFIG_FILENAME: &str = "account-manager.toml"; - -fn main() { - // Logging - let decorator = slog_term::TermDecorator::new().build(); - let drain = slog_term::CompactFormat::new(decorator).build().fuse(); - let drain = slog_async::Async::new(drain).build().fuse(); - let mut log = slog::Logger::root(drain, o!()); - - // CLI - let matches = App::new("Lighthouse Accounts Manager") - .version("0.0.1") - .author("Sigma Prime ") - .about("Eth 2.0 Accounts Manager") - .arg( - Arg::with_name("logfile") - .long("logfile") - .value_name("logfile") - .help("File path where output will be written.") - .takes_value(true), - ) - .arg( - Arg::with_name("datadir") - .long("datadir") - .short("d") - .value_name("DIR") - .help("Data directory for keys and databases.") - .takes_value(true), - ) - .subcommand( - SubCommand::with_name("generate") - .about("Generates a new validator private key") - .version("0.0.1") - .author("Sigma Prime "), - ) - .subcommand( - SubCommand::with_name("generate_deterministic") - .about("Generates a deterministic validator private key FOR TESTING") - .version("0.0.1") - .author("Sigma Prime ") - .arg( - Arg::with_name("validator index") - .long("index") - .short("i") - .value_name("index") - .help("The index of the validator, for which the test key is generated") - .takes_value(true) - .required(true), - ) - .arg( - Arg::with_name("validator count") - .long("validator_count") - .short("n") - .value_name("validator_count") - .help("If supplied along with `index`, generates keys `i..i + n`.") - .takes_value(true) - .default_value("1"), - ), - ) - .subcommand( - SubCommand::with_name("generate_deposit_params") - .about("Generates deposit parameters for submitting to the deposit contract") - .version("0.0.1") - .author("Sigma Prime ") - .arg( - Arg::with_name("validator_sk_path") - .long("validator_sk_path") - .short("v") - .value_name("validator_sk_path") - .help("Path to the validator private key directory") - .takes_value(true) - .required(true), - ) - .arg( - Arg::with_name("withdrawal_sk_path") - .long("withdrawal_sk_path") - .short("w") - .value_name("withdrawal_sk_path") - .help("Path to the withdrawal private key directory") - .takes_value(true) - .required(true), - ) - .arg( - Arg::with_name("deposit_amount") - .long("deposit_amount") - .short("a") - .value_name("deposit_amount") - .help("Deposit amount in GWEI") - .takes_value(true) - .required(true), - ), - ) - .get_matches(); - - let data_dir = match matches - .value_of("datadir") - .and_then(|v| Some(PathBuf::from(v))) - { - Some(v) => v, - None => { - // use the default - let mut default_dir = match dirs::home_dir() { - Some(v) => v, - None => { - crit!(log, "Failed to find a home directory"); - return; - } - }; - default_dir.push(DEFAULT_DATA_DIR); - default_dir - } - }; - - // create the directory if needed - match fs::create_dir_all(&data_dir) { - Ok(_) => {} - Err(e) => { - crit!(log, "Failed to initialize data dir"; "error" => format!("{}", e)); - return; - } - } - - let mut client_config = ValidatorClientConfig::default(); - - // Ensure the `data_dir` in the config matches that supplied to the CLI. - client_config.data_dir = data_dir.clone(); - - if let Err(e) = client_config.apply_cli_args(&matches, &mut log) { - crit!(log, "Failed to parse ClientConfig CLI arguments"; "error" => format!("{:?}", e)); - return; - }; - - // Log configuration - info!(log, ""; - "data_dir" => &client_config.data_dir.to_str()); - - match matches.subcommand() { - ("generate", Some(_)) => generate_random(&client_config, &log), - ("generate_deterministic", Some(m)) => { - if let Some(string) = m.value_of("validator index") { - let i: usize = string.parse().expect("Invalid validator index"); - if let Some(string) = m.value_of("validator count") { - let n: usize = string.parse().expect("Invalid end validator count"); - - let indices: Vec = (i..i + n).collect(); - generate_deterministic_multiple(&indices, &client_config, &log) - } else { - generate_deterministic(i, &client_config, &log) - } - } - } - ("generate_deposit_params", Some(m)) => { - let validator_kp_path = m - .value_of("validator_sk_path") - .expect("generating deposit params requires validator key path") - .parse::() - .expect("Must be a valid path"); - let withdrawal_kp_path = m - .value_of("withdrawal_sk_path") - .expect("generating deposit params requires withdrawal key path") - .parse::() - .expect("Must be a valid path"); - let amount = m - .value_of("deposit_amount") - .expect("generating deposit params requires deposit amount") - .parse::() - .expect("Must be a valid u64"); - let deposit = generate_deposit_params( - validator_kp_path, - withdrawal_kp_path, - amount, - &client_config, - &log, - ); - // TODO: just printing for now. Decide how to process - println!("Deposit data: {:?}", deposit); - } - _ => { - crit!( - log, - "The account manager must be run with a subcommand. See help for more information." - ); - } - } -} - -fn generate_random(config: &ValidatorClientConfig, log: &slog::Logger) { - save_key(&Keypair::random(), config, log) -} - -fn generate_deterministic_multiple( - validator_indices: &[usize], - config: &ValidatorClientConfig, - log: &slog::Logger, -) { - for validator_index in validator_indices { - generate_deterministic(*validator_index, config, log) - } -} - -fn generate_deterministic( - validator_index: usize, - config: &ValidatorClientConfig, - log: &slog::Logger, -) { - save_key( - &generate_deterministic_keypair(validator_index), - config, - log, - ) -} - -fn save_key(keypair: &Keypair, config: &ValidatorClientConfig, log: &slog::Logger) { - let key_path: PathBuf = config - .save_key(&keypair) - .expect("Unable to save newly generated private key."); - debug!( - log, - "Keypair generated {:?}, saved to: {:?}", - keypair.identifier(), - key_path.to_string_lossy() - ); -} - -fn generate_deposit_params( - vk_path: PathBuf, - wk_path: PathBuf, - amount: u64, - config: &ValidatorClientConfig, - log: &slog::Logger, -) -> DepositData { - let vk: Keypair = config.read_keypair_file(vk_path).unwrap(); - let wk: Keypair = config.read_keypair_file(wk_path).unwrap(); - - let spec = types::ChainSpec::default(); - debug!(log, "Generating deposit parameters"); - deposit::generate_deposit_params(vk, &wk, amount, &spec) -} From ae631d4d41bfa515761525e1b2ad27bf5bf2f253 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 26 Nov 2019 18:56:20 +0530 Subject: [PATCH 19/63] Move keystore module to validator_client --- Cargo.lock | 5 +++ validator_client/Cargo.toml | 5 +++ .../src/keystore/checksum.rs | 0 .../src/keystore/cipher.rs | 0 .../src/keystore/crypto.rs | 0 .../src/keystore/kdf.rs | 0 .../src/keystore/mod.rs | 39 ------------------- validator_client/src/lib.rs | 1 + 8 files changed, 11 insertions(+), 39 deletions(-) rename {account_manager => validator_client}/src/keystore/checksum.rs (100%) rename {account_manager => validator_client}/src/keystore/cipher.rs (100%) rename {account_manager => validator_client}/src/keystore/crypto.rs (100%) rename {account_manager => validator_client}/src/keystore/kdf.rs (100%) rename {account_manager => validator_client}/src/keystore/mod.rs (83%) diff --git a/Cargo.lock b/Cargo.lock index 080508580f6..dc3cd9d5899 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4674,20 +4674,25 @@ dependencies = [ "lighthouse_bootstrap 0.1.0", "logging 0.1.0", "parking_lot 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)", "rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "remote_beacon_node 0.1.0", + "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", "serde_json 1.0.44 (registry+https://github.com/rust-lang/crates.io-index)", + "serde_repr 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", "slog 2.5.2 (registry+https://github.com/rust-lang/crates.io-index)", "slog-async 2.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "slog-term 2.4.2 (registry+https://github.com/rust-lang/crates.io-index)", "slot_clock 0.1.0", "tempdir 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)", + "time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)", "tokio 0.1.22 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-timer 0.2.12 (registry+https://github.com/rust-lang/crates.io-index)", "tree_hash 0.1.1", "types 0.1.0", + "uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] diff --git a/validator_client/Cargo.toml b/validator_client/Cargo.toml index b38bfff39d4..3a550bc65d8 100644 --- a/validator_client/Cargo.toml +++ b/validator_client/Cargo.toml @@ -20,6 +20,7 @@ types = { path = "../eth2/types" } serde = "1.0.102" serde_derive = "1.0.102" serde_json = "1.0.41" +serde_repr = "0.1" slog = { version = "2.5.2", features = ["max_level_trace", "release_max_level_trace"] } slog-async = "2.3.0" slog-term = "2.4.2" @@ -41,3 +42,7 @@ bls = { path = "../eth2/utils/bls" } remote_beacon_node = { path = "../eth2/utils/remote_beacon_node" } tempdir = "0.3" rayon = "1.2.0" +rand = "0.7.2" +rust-crypto = "0.2.36" +uuid = { version = "0.8", features = ["serde", "v4"] } +time = "0.1.42" \ No newline at end of file diff --git a/account_manager/src/keystore/checksum.rs b/validator_client/src/keystore/checksum.rs similarity index 100% rename from account_manager/src/keystore/checksum.rs rename to validator_client/src/keystore/checksum.rs diff --git a/account_manager/src/keystore/cipher.rs b/validator_client/src/keystore/cipher.rs similarity index 100% rename from account_manager/src/keystore/cipher.rs rename to validator_client/src/keystore/cipher.rs diff --git a/account_manager/src/keystore/crypto.rs b/validator_client/src/keystore/crypto.rs similarity index 100% rename from account_manager/src/keystore/crypto.rs rename to validator_client/src/keystore/crypto.rs diff --git a/account_manager/src/keystore/kdf.rs b/validator_client/src/keystore/kdf.rs similarity index 100% rename from account_manager/src/keystore/kdf.rs rename to validator_client/src/keystore/kdf.rs diff --git a/account_manager/src/keystore/mod.rs b/validator_client/src/keystore/mod.rs similarity index 83% rename from account_manager/src/keystore/mod.rs rename to validator_client/src/keystore/mod.rs index ec28603861b..8b0167b848c 100644 --- a/account_manager/src/keystore/mod.rs +++ b/validator_client/src/keystore/mod.rs @@ -10,11 +10,9 @@ use serde::{Deserialize, Serialize}; use serde_repr::*; use std::fs::File; use std::path::PathBuf; -use time; use uuid::Uuid; const PRIVATE_KEY_BYTES: usize = 48; -const VALIDATOR_FOLDER_NAME: &str = "validators"; /// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] @@ -101,30 +99,6 @@ impl Keystore { debug_assert_eq!(pk.as_hex_string()[2..].to_string(), self.pubkey); Ok(Keypair { sk, pk }) } - - /// Save keystore into appropriate file and directory. - /// Return the path of the keystore file. - pub fn save_keystore(&self, base_path: PathBuf, key_type: KeyType) -> Result { - let validator_path = base_path.join(VALIDATOR_FOLDER_NAME); - validator_path.join(self.uuid.to_string()); - - let mut file_name = match key_type { - KeyType::Voting => "voting-".to_string(), - KeyType::Withdrawal => "withdrawal-".to_string(), - }; - file_name.push_str(&get_utc_time()); - file_name.push_str(&self.uuid.to_string()); - - let keystore_path = validator_path.join(file_name); - std::fs::create_dir_all(&validator_path) - .map_err(|e| format!("Cannot create directory: {}", e))?; - - let keystore_file = File::create(&keystore_path) - .map_err(|e| format!("Cannot create keystore file: {}", e))?; - serde_json::to_writer_pretty(keystore_file, &self) - .map_err(|e| format!("Error writing keystore into file: {}", e))?; - Ok(keystore_path) - } } /// Pad 0's to a 32 bytes BLS secret key to make it compatible with the Milagro library @@ -135,19 +109,6 @@ fn pad_secret_key(sk: &[u8]) -> [u8; PRIVATE_KEY_BYTES] { bytes } -/// Return UTC time. -fn get_utc_time() -> String { - let timestamp = time::strftime("%Y-%m-%dT%H-%M-%S", &time::now_utc()) - .expect("Time-format string is valid."); - format!("UTC--{}--", timestamp) -} - -#[derive(PartialEq)] -pub enum KeyType { - Voting, - Withdrawal, -} - #[cfg(test)] mod tests { use super::*; diff --git a/validator_client/src/lib.rs b/validator_client/src/lib.rs index a9660ef8529..b40b679e151 100644 --- a/validator_client/src/lib.rs +++ b/validator_client/src/lib.rs @@ -4,6 +4,7 @@ mod cli; mod config; mod duties_service; mod fork_service; +mod keystore; mod notifier; mod validator_store; From 9c366eb17ba9032ff39eb6088ce7fe0c8ae74570 Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 26 Nov 2019 18:57:25 +0530 Subject: [PATCH 20/63] Add save_keystore method to validator_directory --- validator_client/src/validator_directory.rs | 69 +++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/validator_client/src/validator_directory.rs b/validator_client/src/validator_directory.rs index 15d2edd9a24..a9965a323aa 100644 --- a/validator_client/src/validator_directory.rs +++ b/validator_client/src/validator_directory.rs @@ -1,3 +1,4 @@ +use crate::keystore::Keystore; use bls::get_withdrawal_credentials; use deposit_contract::eth1_tx_data; use hex; @@ -12,6 +13,7 @@ use types::{ test_utils::generate_deterministic_keypair, ChainSpec, DepositData, Hash256, Keypair, PublicKey, SecretKey, Signature, }; +use uuid::Uuid; const VOTING_KEY_PREFIX: &str = "voting"; const WITHDRAWAL_KEY_PREFIX: &str = "withdrawal"; @@ -22,11 +24,33 @@ fn keypair_file(prefix: &str) -> String { format!("{}_keypair", prefix) } +/// Returns the filename of a keystore file. +fn keystore_file(keystore: &Keystore, prefix: &str) -> String { + format!( + "{}-{}-{}", + prefix, + &get_utc_time(), + keystore.uuid.to_string() + ) +} + /// Returns the name of the folder to be generated for a validator with the given voting key. fn dir_name(voting_pubkey: &PublicKey) -> String { format!("0x{}", hex::encode(voting_pubkey.as_ssz_bytes())) } +/// Returns the name of folder to be generated for a keystore with a given uuid. +fn dir_name_keystore(uuid: &Uuid) -> String { + uuid.to_string() +} + +/// Return UTC time. +fn get_utc_time() -> String { + let timestamp = time::strftime("%Y-%m-%dT%H-%M-%S", &time::now_utc()) + .expect("Time-format string is valid."); + format!("UTC--{}--", timestamp) +} + /// Represents the files/objects for each dedicated lighthouse validator directory. /// /// Generally lives in `~/.lighthouse/validators/`. @@ -198,6 +222,22 @@ impl ValidatorDirectoryBuilder { Ok(self) } + pub fn create_keystore_directory( + keystore: &Keystore, + base_path: PathBuf, + ) -> Result<(), String> { + let directory = base_path.join(dir_name_keystore(&keystore.uuid)); + if directory.exists() { + return Err(format!( + "Validator keystore directory already exists: {:?}", + directory + )); + } + fs::create_dir_all(&directory) + .map_err(|e| format!("Unable to create keystore validator directory: {}", e))?; + Ok(()) + } + pub fn write_keypair_files(self) -> Result { let voting_keypair = self .voting_keypair @@ -241,6 +281,35 @@ impl ValidatorDirectoryBuilder { Ok(()) } + pub fn save_keystore( + &self, + base_path: PathBuf, + keystore: &Keystore, + file_prefix: &str, + ) -> Result<(), String> { + let directory = base_path.join(dir_name_keystore(&keystore.uuid)); + let path = directory.join(keystore_file(&keystore, file_prefix)); + + if path.exists() { + return Err(format!("Keystore file already exists at: {:?}", path)); + } + + let file = File::create(&path).map_err(|e| format!("Unable to create file: {}", e))?; + + // Ensure file has correct permissions. + let mut perm = file + .metadata() + .map_err(|e| format!("Unable to get file metadata: {}", e))? + .permissions(); + perm.set_mode((libc::S_IWUSR | libc::S_IRUSR) as u32); + file.set_permissions(perm) + .map_err(|e| format!("Unable to set file permissions: {}", e))?; + + serde_json::to_writer_pretty(file, &keystore) + .map_err(|e| format!("Error writing keystore into file: {}", e))?; + Ok(()) + } + pub fn write_eth1_data_file(mut self) -> Result { let voting_keypair = self .voting_keypair From 4e1a0d0474ec924b828b199a6a9faa0bf5f1e49c Mon Sep 17 00:00:00 2001 From: pawan Date: Tue, 26 Nov 2019 19:21:55 +0530 Subject: [PATCH 21/63] Add load_keystore function. Minor refactorings --- validator_client/src/keystore/mod.rs | 26 +++++---------------- validator_client/src/validator_directory.rs | 13 +++++++++++ 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/validator_client/src/keystore/mod.rs b/validator_client/src/keystore/mod.rs index 8b0167b848c..b3fec45cc21 100644 --- a/validator_client/src/keystore/mod.rs +++ b/validator_client/src/keystore/mod.rs @@ -8,8 +8,6 @@ use crate::keystore::kdf::Kdf; use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; use serde_repr::*; -use std::fs::File; -use std::path::PathBuf; use uuid::Uuid; const PRIVATE_KEY_BYTES: usize = 48; @@ -42,7 +40,7 @@ pub struct Keystore { impl Keystore { /// Generate `Keystore` object for a BLS12-381 secret key from a /// keypair and password. Optionally, provide params for kdf, cipher and a uuid. - pub fn to_keystore( + pub fn new( keypair: &Keypair, password: String, kdf: Option, @@ -67,27 +65,13 @@ impl Keystore { } } - /// Regenerate a BLS12-381 `Keypair` given path to the keystore file and - /// the correct password. - /// - /// An error is returned if the secret in the file does not contain a valid - /// `Keystore` or if the secret contained is not a - /// BLS12-381 secret key or if the password provided is incorrect. - pub fn read_keystore_file(keystore_path: PathBuf, password: String) -> Result { - let mut key_file = File::open(keystore_path.clone()) - .map_err(|e| format!("Unable to open keystore file: {}", e))?; - let keystore: Keystore = serde_json::from_reader(&mut key_file) - .map_err(|e| format!("Invalid keystore format: {:?}", e))?; - return keystore.from_keystore(password); - } - /// Regenerate a BLS12-381 `Keypair` from given the `Keystore` object and /// the correct password. /// /// An error is returned if the password provided is incorrect or if /// keystore does not contain valid hex strings or if the secret contained is not a /// BLS12-381 secret key. - fn from_keystore(&self, password: String) -> Result { + fn to_keypair(&self, password: String) -> Result { let sk_bytes = self.crypto.decrypt(password)?; if sk_bytes.len() != 32 { return Err(format!("Invalid secret key size: {:?}", sk_bytes)); @@ -96,7 +80,9 @@ impl Keystore { let sk = SecretKey::from_bytes(&padded_sk_bytes) .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; let pk = PublicKey::from_secret_key(&sk); - debug_assert_eq!(pk.as_hex_string()[2..].to_string(), self.pubkey); + if pk.as_hex_string()[2..].to_string() != self.pubkey { + return Err(format!("Decoded pubkey doesn't match keystore pubkey")); + } Ok(Keypair { sk, pk }) } } @@ -185,7 +171,7 @@ mod tests { let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; for test in test_vectors { let keystore: Keystore = serde_json::from_str(test).unwrap(); - let keypair = keystore.from_keystore(password.clone()).unwrap(); + let keypair = keystore.to_keypair(password.clone()).unwrap(); let expected_sk = pad_secret_key(&hex::decode(expected_secret).unwrap()); assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk.to_vec()) } diff --git a/validator_client/src/validator_directory.rs b/validator_client/src/validator_directory.rs index a9965a323aa..83003793141 100644 --- a/validator_client/src/validator_directory.rs +++ b/validator_client/src/validator_directory.rs @@ -105,6 +105,19 @@ fn load_keypair(base_path: PathBuf, file_prefix: &str) -> Result Result { + if !path.exists() { + return Err(format!("Keypair file does not exist: {:?}", path)); + } + + let mut key_file = + File::open(path.clone()).map_err(|e| format!("Unable to open keystore file: {}", e))?; + let keystore: Keystore = serde_json::from_reader(&mut key_file) + .map_err(|e| format!("Invalid keystore format: {:?}", e))?; + Ok(keystore) +} + /// Load eth1_deposit_data from file. fn load_eth1_deposit_data(base_path: PathBuf) -> Result, String> { let path = base_path.join(ETH1_DEPOSIT_DATA_FILE); From a56e5a3a24485829e1b1442df87aae941debace3 Mon Sep 17 00:00:00 2001 From: pawan Date: Wed, 8 Jan 2020 00:52:19 +0530 Subject: [PATCH 22/63] Fixed dependencies --- Cargo.lock | 29 +++++++++++++++++++++++++++++ account_manager/Cargo.toml | 12 +----------- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index dc3cd9d5899..f88b86cb3e3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3476,6 +3476,18 @@ dependencies = [ "crossbeam-utils 0.6.6 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "rust-crypto" +version = "0.2.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "gcc 0.3.55 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.3.23 (registry+https://github.com/rust-lang/crates.io-index)", + "rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)", + "time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "rustc-demangle" version = "0.1.16" @@ -3486,6 +3498,11 @@ name = "rustc-hex" version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" +[[package]] +name = "rustc-serialize" +version = "0.3.24" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "rustc_version" version = "0.2.3" @@ -4652,6 +4669,15 @@ dependencies = [ "rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "uuid" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)", + "serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "validator_client" version = "0.1.0" @@ -5420,8 +5446,10 @@ dependencies = [ "checksum rle-decode-fast 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cabe4fa914dec5870285fa7f71f602645da47c486e68486d2b4ceb4a343e90ac" "checksum rlp 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "3a44d5ae8afcb238af8b75640907edc6c931efcfab2c854e81ed35fa080f84cd" "checksum rust-argon2 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4ca4eaef519b494d1f2848fc602d18816fed808a981aedf4f1f00ceb7c9d32cf" +"checksum rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)" = "f76d05d3993fd5f4af9434e8e436db163a12a9d40e1a58a726f27a01dfd12a2a" "checksum rustc-demangle 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783" "checksum rustc-hex 2.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "403bb3a286107a04825a5f82e1270acc1e14028d3d554d7a1e08914549575ab8" +"checksum rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)" = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda" "checksum rustc_version 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" "checksum rustls 0.16.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b25a18b1bf7387f0145e7f8324e700805aade3842dd3db2e74e4cdeb4677c09e" "checksum rw-stream-sink 0.1.2 (git+https://github.com/SigP/rust-libp2p/?rev=c0c71fa4d7e6621cafe2c087d1aa1bc60dd9116e)" = "" @@ -5535,6 +5563,7 @@ dependencies = [ "checksum url 1.7.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dd4e7c0d531266369519a4aa4f399d748bd37043b00bde1e4ff1f60a120b355a" "checksum url 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "75b414f6c464c879d7f9babf951f23bc3743fb7313c081b2e6ca719067ea9d61" "checksum uuid 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)" = "90dbc611eb48397705a6b0f6e917da23ae517e4d127123d2cf7674206627d32a" +"checksum uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9fde2f6a4bea1d6e007c4ad38c6839fa71cbb63b6dbf5b595aa38dc9b1093c11" "checksum vcpkg 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "3fc439f2794e98976c88a2a2dafce96b930fe8010b0a256b3c2199a773933168" "checksum vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a" "checksum version_check 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "914b1a6776c4c929a602fafd8bc742e06365d4bcbe48c30f9cca5824f70dc9dd" diff --git a/account_manager/Cargo.toml b/account_manager/Cargo.toml index b6452f170f4..ad91ad4efe2 100644 --- a/account_manager/Cargo.toml +++ b/account_manager/Cargo.toml @@ -6,7 +6,6 @@ edition = "2018" [dev-dependencies] tempdir = "0.3" -tree_hash = "0.1" [dependencies] bls = { path = "../eth2/utils/bls" } @@ -21,18 +20,9 @@ deposit_contract = { path = "../eth2/utils/deposit_contract" } libc = "0.2.65" eth2_ssz = { path = "../eth2/utils/ssz" } eth2_ssz_derive = { path = "../eth2/utils/ssz_derive" } +hex = "0.3" validator_client = { path = "../validator_client" } rayon = "1.2.0" eth2_testnet_config = { path = "../eth2/utils/eth2_testnet_config" } web3 = "0.8.0" futures = "0.1.25" -parity-crypto = "0.4.2" -rand = "0.7.2" -rust-crypto = "0.2.36" -hex = "0.4.0" -serde = { version = "1.0", features = ["derive"] } -serde_json = "1.0" -serde_repr = "0.1" -uuid = { version = "0.8", features = ["serde", "v4"] } - - From 3a93b983ac3d93b5462cd30ec02770b7b6ad8f79 Mon Sep 17 00:00:00 2001 From: pawan Date: Thu, 5 Mar 2020 10:28:50 +0530 Subject: [PATCH 23/63] Address some review comments --- Cargo.lock | 1 + validator_client/Cargo.toml | 3 ++- validator_client/src/keystore/cipher.rs | 12 ++++++++---- validator_client/src/keystore/crypto.rs | 9 ++++----- validator_client/src/keystore/kdf.rs | 8 ++++---- validator_client/src/keystore/mod.rs | 1 + 6 files changed, 20 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f88b86cb3e3..55e117b8122 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4719,6 +4719,7 @@ dependencies = [ "tree_hash 0.1.1", "types 0.1.0", "uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", + "zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] diff --git a/validator_client/Cargo.toml b/validator_client/Cargo.toml index 3a550bc65d8..9ec575f0087 100644 --- a/validator_client/Cargo.toml +++ b/validator_client/Cargo.toml @@ -45,4 +45,5 @@ rayon = "1.2.0" rand = "0.7.2" rust-crypto = "0.2.36" uuid = { version = "0.8", features = ["serde", "v4"] } -time = "0.1.42" \ No newline at end of file +time = "0.1.42" +zeroize = "1.0" \ No newline at end of file diff --git a/validator_client/src/keystore/cipher.rs b/validator_client/src/keystore/cipher.rs index 40d03eb38f3..e95d1ee5e13 100644 --- a/validator_client/src/keystore/cipher.rs +++ b/validator_client/src/keystore/cipher.rs @@ -6,11 +6,15 @@ use std::default::Default; const IV_SIZE: usize = 16; /// Convert slice to fixed length array. -fn from_slice(bytes: &[u8]) -> [u8; IV_SIZE] { +/// Returns `None` if slice has len > `IV_SIZE` +fn from_slice(bytes: &[u8]) -> Option<[u8; IV_SIZE]> { + if bytes.len() != 16 { + return None; + } let mut array = [0; IV_SIZE]; - let bytes = &bytes[..array.len()]; // panics if not enough data + let bytes = &bytes[..array.len()]; array.copy_from_slice(bytes); - array + Some(array) } /// Cipher module representation. @@ -69,7 +73,7 @@ where E: de::Error, { let bytes = hex::decode(v).map_err(E::custom)?; - Ok(from_slice(&bytes)) + from_slice(&bytes).ok_or_else(|| E::custom(format!("IV should have length 16 bytes"))) } } deserializer.deserialize_any(StringVisitor) diff --git a/validator_client/src/keystore/crypto.rs b/validator_client/src/keystore/crypto.rs index 1268a99a5b5..a439ab3dbc9 100644 --- a/validator_client/src/keystore/crypto.rs +++ b/validator_client/src/keystore/crypto.rs @@ -52,7 +52,7 @@ impl Crypto { /// An error will be returned if `cipher.message` is not in hex format or /// if password is incorrect. pub fn decrypt(&self, password: String) -> Result, String> { - // Genrate derived key + // Generate derived key let derived_key = match &self.kdf.params { Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), Kdf::Scrypt(scrypt) => scrypt.derive_key(&password), @@ -80,6 +80,7 @@ impl Crypto { } } +// Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[cfg(test)] mod tests { use super::*; @@ -109,7 +110,7 @@ mod tests { dklen: 32, c: 262144, prf: Prf::HmacSha256, - salt: salt, + salt, }); let cipher = Cipher::Aes128Ctr(Aes128Ctr { @@ -122,7 +123,6 @@ mod tests { assert_eq!(expected_cipher, keystore.cipher.message); let json = serde_json::to_string(&keystore).unwrap(); - println!("{}", json); let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); let recovered_secret = recovered_keystore.decrypt(password).unwrap(); @@ -147,7 +147,7 @@ mod tests { n: 262144, r: 8, p: 1, - salt: salt, + salt, }); let cipher = Cipher::Aes128Ctr(Aes128Ctr { @@ -160,7 +160,6 @@ mod tests { assert_eq!(expected_cipher, keystore.cipher.message); let json = serde_json::to_string(&keystore).unwrap(); - println!("{}", json); let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); let recovered_secret = recovered_keystore.decrypt(password).unwrap(); diff --git a/validator_client/src/keystore/kdf.rs b/validator_client/src/keystore/kdf.rs index 3039b1b6527..930afb7c158 100644 --- a/validator_client/src/keystore/kdf.rs +++ b/validator_client/src/keystore/kdf.rs @@ -32,11 +32,11 @@ impl Default for Pbkdf2 { impl Pbkdf2 { /// Derive key from password. - pub fn derive_key(&self, password: &str) -> Vec { + pub fn derive_key(&self, password: &str) -> [u8; DECRYPTION_KEY_SIZE as usize] { let mut dk = [0u8; DECRYPTION_KEY_SIZE as usize]; let mut mac = self.prf.mac(password.as_bytes()); pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, &mut dk); - dk.to_vec() + dk } } @@ -61,13 +61,13 @@ fn log2_int(x: u32) -> u32 { } impl Scrypt { - pub fn derive_key(&self, password: &str) -> Vec { + pub fn derive_key(&self, password: &str) -> [u8; DECRYPTION_KEY_SIZE as usize] { let mut dk = [0u8; DECRYPTION_KEY_SIZE as usize]; // Assert that `n` is power of 2 debug_assert_eq!(self.n, 2u32.pow(log2_int(self.n))); let params = scrypt::ScryptParams::new(log2_int(self.n) as u8, self.r, self.p); scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk); - dk.to_vec() + dk } } diff --git a/validator_client/src/keystore/mod.rs b/validator_client/src/keystore/mod.rs index b3fec45cc21..24583cfadd2 100644 --- a/validator_client/src/keystore/mod.rs +++ b/validator_client/src/keystore/mod.rs @@ -95,6 +95,7 @@ fn pad_secret_key(sk: &[u8]) -> [u8; PRIVATE_KEY_BYTES] { bytes } +// Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[cfg(test)] mod tests { use super::*; From 1933b753b0e44e23954a0670557eaa819d6934f2 Mon Sep 17 00:00:00 2001 From: pawan Date: Fri, 6 Mar 2020 19:28:44 +0530 Subject: [PATCH 24/63] Add Password newtype; derive Zeroize --- Cargo.lock | 15 +++++++ validator_client/Cargo.toml | 2 +- validator_client/src/keystore/crypto.rs | 43 +++++++++++++++++---- validator_client/src/keystore/mod.rs | 31 +++++++++++---- validator_client/src/validator_directory.rs | 4 +- 5 files changed, 78 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 55e117b8122..20c47848b49 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5136,6 +5136,9 @@ dependencies = [ name = "zeroize" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "zeroize_derive 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", +] [[package]] name = "zeroize_derive" @@ -5158,6 +5161,17 @@ dependencies = [ "synstructure 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "zeroize_derive" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "proc-macro2 1.0.7 (registry+https://github.com/rust-lang/crates.io-index)", + "quote 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", + "syn 1.0.12 (registry+https://github.com/rust-lang/crates.io-index)", + "synstructure 0.12.3 (registry+https://github.com/rust-lang/crates.io-index)", +] + [metadata] "checksum adler32 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "5d2e7343e7fc9de883d1b0341e0b13970f764c14101234857d2ddafa1cb1cac2" "checksum aes-ctr 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d2e5b0458ea3beae0d1d8c0f3946564f8e10f90646cf78c06b4351052058d1ee" @@ -5608,3 +5622,4 @@ dependencies = [ "checksum zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3cbac2ed2ba24cc90f5e06485ac8c7c1e5449fe8911aef4d8877218af021a5b8" "checksum zeroize_derive 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b3f07490820219949839d0027b965ffdd659d75be9220c00798762e36c6cd281" "checksum zeroize_derive 0.9.3 (registry+https://github.com/rust-lang/crates.io-index)" = "080616bd0e31f36095288bb0acdf1f78ef02c2fa15527d7e993f2a6c7591643e" +"checksum zeroize_derive 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "de251eec69fc7c1bc3923403d18ececb929380e016afe103da75f396704f8ca2" diff --git a/validator_client/Cargo.toml b/validator_client/Cargo.toml index 9ec575f0087..4962b4b9aab 100644 --- a/validator_client/Cargo.toml +++ b/validator_client/Cargo.toml @@ -46,4 +46,4 @@ rand = "0.7.2" rust-crypto = "0.2.36" uuid = { version = "0.8", features = ["serde", "v4"] } time = "0.1.42" -zeroize = "1.0" \ No newline at end of file +zeroize = { version = "1.0.0", features = ["zeroize_derive"] } diff --git a/validator_client/src/keystore/crypto.rs b/validator_client/src/keystore/crypto.rs index a439ab3dbc9..30d8ba9e439 100644 --- a/validator_client/src/keystore/crypto.rs +++ b/validator_client/src/keystore/crypto.rs @@ -2,6 +2,35 @@ use crate::keystore::checksum::{Checksum, ChecksumModule}; use crate::keystore::cipher::{Cipher, CipherModule}; use crate::keystore::kdf::{Kdf, KdfModule}; use serde::{Deserialize, Serialize}; +use std::fmt; +use zeroize::Zeroize; + +#[derive(Zeroize, Clone, PartialEq)] +#[zeroize(drop)] +pub struct Password(String); + +impl fmt::Display for Password { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "******") + } +} +impl Password { + pub fn as_str(&self) -> &str { + self.0.as_str() + } +} + +impl From for Password { + fn from(s: String) -> Password { + Password(s) + } +} + +impl<'a> From<&'a str> for Password { + fn from(s: &'a str) -> Password { + Password::from(String::from(s)) + } +} /// Crypto module for keystore. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] @@ -14,11 +43,11 @@ pub struct Crypto { impl Crypto { /// Generate crypto module for `Keystore` given the password, /// secret to encrypt, kdf params and cipher params. - pub fn encrypt(password: String, secret: &[u8], kdf: Kdf, cipher: Cipher) -> Self { + pub fn encrypt(password: Password, secret: &[u8], kdf: Kdf, cipher: Cipher) -> Self { // Generate derived key let derived_key = match &kdf { - Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), - Kdf::Scrypt(scrypt) => scrypt.derive_key(&password), + Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(password.as_str()), + Kdf::Scrypt(scrypt) => scrypt.derive_key(password.as_str()), }; // Encrypt secret let cipher_message = match &cipher { @@ -51,11 +80,11 @@ impl Crypto { /// /// An error will be returned if `cipher.message` is not in hex format or /// if password is incorrect. - pub fn decrypt(&self, password: String) -> Result, String> { + pub fn decrypt(&self, password: Password) -> Result, String> { // Generate derived key let derived_key = match &self.kdf.params { - Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(&password), - Kdf::Scrypt(scrypt) => scrypt.derive_key(&password), + Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(password.as_str()), + Kdf::Scrypt(scrypt) => scrypt.derive_key(password.as_str()), }; // Regenerate checksum let mut pre_image: Vec = derived_key[16..32].to_owned(); @@ -104,7 +133,7 @@ mod tests { let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") .unwrap(); let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); - let password = "testpassword".to_string(); + let password = Password("testpassword".to_string()); let kdf = Kdf::Pbkdf2(Pbkdf2 { dklen: 32, diff --git a/validator_client/src/keystore/mod.rs b/validator_client/src/keystore/mod.rs index 24583cfadd2..509ce66c4c0 100644 --- a/validator_client/src/keystore/mod.rs +++ b/validator_client/src/keystore/mod.rs @@ -9,9 +9,23 @@ use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; use serde_repr::*; use uuid::Uuid; +use zeroize::Zeroize; + +pub use crate::keystore::crypto::Password; const PRIVATE_KEY_BYTES: usize = 48; +/// Wrapper over BLS secret key that is compatible with Milagro. +#[derive(Zeroize)] +#[zeroize(drop)] +struct MilagroSecretKey([u8; PRIVATE_KEY_BYTES]); + +impl MilagroSecretKey { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + /// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] #[repr(u8)] @@ -42,7 +56,7 @@ impl Keystore { /// keypair and password. Optionally, provide params for kdf, cipher and a uuid. pub fn new( keypair: &Keypair, - password: String, + password: Password, kdf: Option, cipher: Option, uuid: Option, @@ -71,13 +85,13 @@ impl Keystore { /// An error is returned if the password provided is incorrect or if /// keystore does not contain valid hex strings or if the secret contained is not a /// BLS12-381 secret key. - fn to_keypair(&self, password: String) -> Result { + pub fn to_keypair(&self, password: Password) -> Result { let sk_bytes = self.crypto.decrypt(password)?; if sk_bytes.len() != 32 { return Err(format!("Invalid secret key size: {:?}", sk_bytes)); } let padded_sk_bytes = pad_secret_key(&sk_bytes); - let sk = SecretKey::from_bytes(&padded_sk_bytes) + let sk = SecretKey::from_bytes(padded_sk_bytes.as_ref()) .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; let pk = PublicKey::from_secret_key(&sk); if pk.as_hex_string()[2..].to_string() != self.pubkey { @@ -89,10 +103,10 @@ impl Keystore { /// Pad 0's to a 32 bytes BLS secret key to make it compatible with the Milagro library /// Note: Milagro library only accepts 48 byte bls12 381 private keys. -fn pad_secret_key(sk: &[u8]) -> [u8; PRIVATE_KEY_BYTES] { +fn pad_secret_key(sk: &[u8]) -> MilagroSecretKey { let mut bytes = [0; PRIVATE_KEY_BYTES]; bytes[PRIVATE_KEY_BYTES - sk.len()..].copy_from_slice(sk); - bytes + MilagroSecretKey(bytes) } // Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases @@ -102,7 +116,7 @@ mod tests { #[test] fn test_vectors() { let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; - let password = "testpassword".to_string(); + let password: Password = "testpassword".into(); let scrypt_test_vector = r#" { "crypto": { @@ -174,7 +188,10 @@ mod tests { let keystore: Keystore = serde_json::from_str(test).unwrap(); let keypair = keystore.to_keypair(password.clone()).unwrap(); let expected_sk = pad_secret_key(&hex::decode(expected_secret).unwrap()); - assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk.to_vec()) + assert_eq!( + keypair.sk.as_raw().as_bytes(), + expected_sk.as_ref().to_vec() + ) } } } diff --git a/validator_client/src/validator_directory.rs b/validator_client/src/validator_directory.rs index 83003793141..4e5228db41c 100644 --- a/validator_client/src/validator_directory.rs +++ b/validator_client/src/validator_directory.rs @@ -1,4 +1,4 @@ -use crate::keystore::Keystore; +use crate::keystore::{Keystore, Password}; use bls::get_withdrawal_credentials; use deposit_contract::eth1_tx_data; use hex; @@ -106,7 +106,7 @@ fn load_keypair(base_path: PathBuf, file_prefix: &str) -> Result Result { +fn load_keystore(path: PathBuf) -> Result { if !path.exists() { return Err(format!("Keypair file does not exist: {:?}", path)); } From 7fbc971a6659d1598d30920f602e8697088bddea Mon Sep 17 00:00:00 2001 From: pawan Date: Fri, 6 Mar 2020 19:55:51 +0530 Subject: [PATCH 25/63] Fix test --- validator_client/src/keystore/crypto.rs | 4 ++-- validator_client/src/validator_directory.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/validator_client/src/keystore/crypto.rs b/validator_client/src/keystore/crypto.rs index 30d8ba9e439..31a8b29560c 100644 --- a/validator_client/src/keystore/crypto.rs +++ b/validator_client/src/keystore/crypto.rs @@ -133,7 +133,7 @@ mod tests { let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") .unwrap(); let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); - let password = Password("testpassword".to_string()); + let password: Password = "testpassword".into(); let kdf = Kdf::Pbkdf2(Pbkdf2 { dklen: 32, @@ -169,7 +169,7 @@ mod tests { let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") .unwrap(); let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); - let password = "testpassword".to_string(); + let password: Password = "testpassword".into(); let kdf = Kdf::Scrypt(Scrypt { dklen: 32, diff --git a/validator_client/src/validator_directory.rs b/validator_client/src/validator_directory.rs index 4e5228db41c..35620f6c982 100644 --- a/validator_client/src/validator_directory.rs +++ b/validator_client/src/validator_directory.rs @@ -1,4 +1,4 @@ -use crate::keystore::{Keystore, Password}; +use crate::keystore::Keystore; use bls::get_withdrawal_credentials; use deposit_contract::eth1_tx_data; use hex; From fbb4984686810a0d0eeab7db534b31a18fe00995 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 28 Apr 2020 13:02:42 +1000 Subject: [PATCH 26/63] Move keystore into own crate --- Cargo.lock | 20 ++++++++++++++++--- Cargo.toml | 1 + eth2/utils/eth2_keystore/Cargo.toml | 19 ++++++++++++++++++ .../utils/eth2_keystore/src}/checksum.rs | 0 .../utils/eth2_keystore/src}/cipher.rs | 0 .../utils/eth2_keystore/src}/crypto.rs | 10 +++++----- .../utils/eth2_keystore/src}/kdf.rs | 0 .../utils/eth2_keystore/src/lib.rs | 9 +++++---- validator_client/Cargo.toml | 6 ++---- validator_client/src/lib.rs | 1 - validator_client/src/validator_directory.rs | 2 +- 11 files changed, 50 insertions(+), 18 deletions(-) create mode 100644 eth2/utils/eth2_keystore/Cargo.toml rename {validator_client/src/keystore => eth2/utils/eth2_keystore/src}/checksum.rs (100%) rename {validator_client/src/keystore => eth2/utils/eth2_keystore/src}/cipher.rs (100%) rename {validator_client/src/keystore => eth2/utils/eth2_keystore/src}/crypto.rs (96%) rename {validator_client/src/keystore => eth2/utils/eth2_keystore/src}/kdf.rs (100%) rename validator_client/src/keystore/mod.rs => eth2/utils/eth2_keystore/src/lib.rs (97%) diff --git a/Cargo.lock b/Cargo.lock index dcdef874e20..a2c6dd5ddbe 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1192,6 +1192,22 @@ dependencies = [ "serde_yaml 0.8.11 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "eth2_keystore" +version = "0.1.0" +dependencies = [ + "bls 0.2.0", + "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", + "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)", + "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", + "serde_json 1.0.51 (registry+https://github.com/rust-lang/crates.io-index)", + "serde_repr 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "time 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", + "uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", + "zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "eth2_ssz" version = "0.1.2" @@ -4770,6 +4786,7 @@ dependencies = [ "error-chain 0.12.2 (registry+https://github.com/rust-lang/crates.io-index)", "eth2_config 0.2.0", "eth2_interop_keypairs 0.2.0", + "eth2_keystore 0.1.0", "eth2_ssz 0.1.2", "eth2_ssz_derive 0.1.0", "exit-future 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", @@ -4778,11 +4795,9 @@ dependencies = [ "libc 0.2.69 (registry+https://github.com/rust-lang/crates.io-index)", "logging 0.2.0", "parking_lot 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", - "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", "rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "remote_beacon_node 0.2.0", "rest_types 0.2.0", - "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_json 1.0.51 (registry+https://github.com/rust-lang/crates.io-index)", @@ -4799,7 +4814,6 @@ dependencies = [ "types 0.2.0", "uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", "web3 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", - "zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 453577d231a..01b55c9268d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,7 @@ members = [ "eth2/utils/deposit_contract", "eth2/utils/eth2_config", "eth2/utils/eth2_interop_keypairs", + "eth2/utils/eth2_keystore", "eth2/utils/eth2_testnet_config", "eth2/utils/logging", "eth2/utils/eth2_hashing", diff --git a/eth2/utils/eth2_keystore/Cargo.toml b/eth2/utils/eth2_keystore/Cargo.toml new file mode 100644 index 00000000000..3cf2582da7e --- /dev/null +++ b/eth2/utils/eth2_keystore/Cargo.toml @@ -0,0 +1,19 @@ +[package] +name = "eth2_keystore" +version = "0.1.0" +authors = ["Pawan Dhananjay "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +rand = "0.7.2" +rust-crypto = "0.2.36" +uuid = { version = "0.8", features = ["serde", "v4"] } +time = "0.1.42" +zeroize = { version = "1.0.0", features = ["zeroize_derive"] } +serde = "1.0.102" +serde_repr = "0.1" +hex = "0.3" +bls = { path = "../bls" } +serde_json = "1.0.41" diff --git a/validator_client/src/keystore/checksum.rs b/eth2/utils/eth2_keystore/src/checksum.rs similarity index 100% rename from validator_client/src/keystore/checksum.rs rename to eth2/utils/eth2_keystore/src/checksum.rs diff --git a/validator_client/src/keystore/cipher.rs b/eth2/utils/eth2_keystore/src/cipher.rs similarity index 100% rename from validator_client/src/keystore/cipher.rs rename to eth2/utils/eth2_keystore/src/cipher.rs diff --git a/validator_client/src/keystore/crypto.rs b/eth2/utils/eth2_keystore/src/crypto.rs similarity index 96% rename from validator_client/src/keystore/crypto.rs rename to eth2/utils/eth2_keystore/src/crypto.rs index 31a8b29560c..1e27ffbad72 100644 --- a/validator_client/src/keystore/crypto.rs +++ b/eth2/utils/eth2_keystore/src/crypto.rs @@ -1,6 +1,6 @@ -use crate::keystore::checksum::{Checksum, ChecksumModule}; -use crate::keystore::cipher::{Cipher, CipherModule}; -use crate::keystore::kdf::{Kdf, KdfModule}; +use crate::checksum::{Checksum, ChecksumModule}; +use crate::cipher::{Cipher, CipherModule}; +use crate::kdf::{Kdf, KdfModule}; use serde::{Deserialize, Serialize}; use std::fmt; use zeroize::Zeroize; @@ -113,8 +113,8 @@ impl Crypto { #[cfg(test)] mod tests { use super::*; - use crate::keystore::cipher::{Aes128Ctr, Cipher}; - use crate::keystore::kdf::{Kdf, Pbkdf2, Prf, Scrypt}; + use crate::cipher::{Aes128Ctr, Cipher}; + use crate::kdf::{Kdf, Pbkdf2, Prf, Scrypt}; fn from_slice(bytes: &[u8]) -> [u8; 16] { let mut array = [0; 16]; diff --git a/validator_client/src/keystore/kdf.rs b/eth2/utils/eth2_keystore/src/kdf.rs similarity index 100% rename from validator_client/src/keystore/kdf.rs rename to eth2/utils/eth2_keystore/src/kdf.rs diff --git a/validator_client/src/keystore/mod.rs b/eth2/utils/eth2_keystore/src/lib.rs similarity index 97% rename from validator_client/src/keystore/mod.rs rename to eth2/utils/eth2_keystore/src/lib.rs index 509ce66c4c0..30aa68906c6 100644 --- a/validator_client/src/keystore/mod.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -2,16 +2,17 @@ mod checksum; mod cipher; mod crypto; mod kdf; -use crate::keystore::cipher::Cipher; -use crate::keystore::crypto::Crypto; -use crate::keystore::kdf::Kdf; + +use crate::cipher::Cipher; +use crate::crypto::Crypto; +use crate::kdf::Kdf; use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; use serde_repr::*; use uuid::Uuid; use zeroize::Zeroize; -pub use crate::keystore::crypto::Password; +pub use crate::crypto::Password; const PRIVATE_KEY_BYTES: usize = 48; diff --git a/validator_client/Cargo.toml b/validator_client/Cargo.toml index 004256abf51..fa1dbad66d2 100644 --- a/validator_client/Cargo.toml +++ b/validator_client/Cargo.toml @@ -42,9 +42,7 @@ bls = { path = "../eth2/utils/bls" } remote_beacon_node = { path = "../eth2/utils/remote_beacon_node" } tempdir = "0.3" rayon = "1.2.0" -rand = "0.7.2" -rust-crypto = "0.2.36" uuid = { version = "0.8", features = ["serde", "v4"] } -time = "0.1.42" -zeroize = { version = "1.0.0", features = ["zeroize_derive"] } web3 = "0.10.0" +time = "0.1.42" +eth2_keystore = { path = "../eth2/utils/eth2_keystore" } diff --git a/validator_client/src/lib.rs b/validator_client/src/lib.rs index d1126080a87..ec7e2a743d2 100644 --- a/validator_client/src/lib.rs +++ b/validator_client/src/lib.rs @@ -4,7 +4,6 @@ mod cli; mod config; mod duties_service; mod fork_service; -mod keystore; mod notifier; mod validator_store; diff --git a/validator_client/src/validator_directory.rs b/validator_client/src/validator_directory.rs index 66e613678c6..625e433d900 100644 --- a/validator_client/src/validator_directory.rs +++ b/validator_client/src/validator_directory.rs @@ -1,6 +1,6 @@ -use crate::keystore::Keystore; use bls::get_withdrawal_credentials; use deposit_contract::{encode_eth1_tx_data, DEPOSIT_GAS}; +use eth2_keystore::Keystore; use futures::{Future, IntoFuture}; use hex; use ssz::{Decode, Encode}; From e8b504653271ffefdf79c0973aedfa048480054e Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Wed, 29 Apr 2020 12:13:48 +1000 Subject: [PATCH 27/63] Remove padding --- eth2/utils/eth2_keystore/src/lib.rs | 33 ++++------------------------- 1 file changed, 4 insertions(+), 29 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 30aa68906c6..343b3cb0a06 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -10,23 +10,9 @@ use bls::{Keypair, PublicKey, SecretKey}; use serde::{Deserialize, Serialize}; use serde_repr::*; use uuid::Uuid; -use zeroize::Zeroize; pub use crate::crypto::Password; -const PRIVATE_KEY_BYTES: usize = 48; - -/// Wrapper over BLS secret key that is compatible with Milagro. -#[derive(Zeroize)] -#[zeroize(drop)] -struct MilagroSecretKey([u8; PRIVATE_KEY_BYTES]); - -impl MilagroSecretKey { - fn as_ref(&self) -> &[u8] { - &self.0 - } -} - /// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] #[repr(u8)] @@ -91,8 +77,7 @@ impl Keystore { if sk_bytes.len() != 32 { return Err(format!("Invalid secret key size: {:?}", sk_bytes)); } - let padded_sk_bytes = pad_secret_key(&sk_bytes); - let sk = SecretKey::from_bytes(padded_sk_bytes.as_ref()) + let sk = SecretKey::from_bytes(sk_bytes.as_ref()) .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; let pk = PublicKey::from_secret_key(&sk); if pk.as_hex_string()[2..].to_string() != self.pubkey { @@ -102,18 +87,11 @@ impl Keystore { } } -/// Pad 0's to a 32 bytes BLS secret key to make it compatible with the Milagro library -/// Note: Milagro library only accepts 48 byte bls12 381 private keys. -fn pad_secret_key(sk: &[u8]) -> MilagroSecretKey { - let mut bytes = [0; PRIVATE_KEY_BYTES]; - bytes[PRIVATE_KEY_BYTES - sk.len()..].copy_from_slice(sk); - MilagroSecretKey(bytes) -} - // Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[cfg(test)] mod tests { use super::*; + #[test] fn test_vectors() { let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; @@ -188,11 +166,8 @@ mod tests { for test in test_vectors { let keystore: Keystore = serde_json::from_str(test).unwrap(); let keypair = keystore.to_keypair(password.clone()).unwrap(); - let expected_sk = pad_secret_key(&hex::decode(expected_secret).unwrap()); - assert_eq!( - keypair.sk.as_raw().as_bytes(), - expected_sk.as_ref().to_vec() - ) + let expected_sk = hex::decode(expected_secret).unwrap(); + assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk) } } } From e8348d9d409482f5a3fd336c03332221ea55e977 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Wed, 29 Apr 2020 15:03:36 +1000 Subject: [PATCH 28/63] Add error enum, zeroize more things --- Cargo.lock | 1 + eth2/utils/eth2_keystore/Cargo.toml | 1 + eth2/utils/eth2_keystore/src/checksum.rs | 11 ++--- eth2/utils/eth2_keystore/src/cipher.rs | 29 ++++++++++-- eth2/utils/eth2_keystore/src/crypto.rs | 52 ++++++++++------------ eth2/utils/eth2_keystore/src/kdf.rs | 56 ++++++++++++++++++++---- eth2/utils/eth2_keystore/src/lib.rs | 28 +++++++++--- 7 files changed, 126 insertions(+), 52 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 33e26ebd102..46278af19a9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1197,6 +1197,7 @@ name = "eth2_keystore" version = "0.1.0" dependencies = [ "bls 0.2.0", + "eth2_ssz 0.1.2", "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)", diff --git a/eth2/utils/eth2_keystore/Cargo.toml b/eth2/utils/eth2_keystore/Cargo.toml index 3cf2582da7e..cf25ee7e575 100644 --- a/eth2/utils/eth2_keystore/Cargo.toml +++ b/eth2/utils/eth2_keystore/Cargo.toml @@ -16,4 +16,5 @@ serde = "1.0.102" serde_repr = "0.1" hex = "0.3" bls = { path = "../bls" } +eth2_ssz = { path = "../ssz" } serde_json = "1.0.41" diff --git a/eth2/utils/eth2_keystore/src/checksum.rs b/eth2/utils/eth2_keystore/src/checksum.rs index 805c6681629..609d8ece462 100644 --- a/eth2/utils/eth2_keystore/src/checksum.rs +++ b/eth2/utils/eth2_keystore/src/checksum.rs @@ -1,3 +1,4 @@ +use crate::kdf::DerivedKey; use crypto::digest::Digest; use crypto::sha2::Sha256; use serde::{Deserialize, Serialize}; @@ -11,13 +12,13 @@ pub struct ChecksumModule { } #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct Checksum(String); +pub struct Sha256Checksum(String); -impl Checksum { - /// Generate checksum using checksum function. - pub fn gen_checksum(message: &[u8]) -> String { +impl Sha256Checksum { + pub fn generate(derived_key: &DerivedKey, cipher_message: &[u8]) -> String { let mut hasher = Sha256::new(); - hasher.input(message); + hasher.input(derived_key.checksum_slice()); + hasher.input(cipher_message); hasher.result_str() } diff --git a/eth2/utils/eth2_keystore/src/cipher.rs b/eth2/utils/eth2_keystore/src/cipher.rs index e95d1ee5e13..54855a19dee 100644 --- a/eth2/utils/eth2_keystore/src/cipher.rs +++ b/eth2/utils/eth2_keystore/src/cipher.rs @@ -2,9 +2,32 @@ use crypto::aes::{ctr, KeySize}; use rand::prelude::*; use serde::{de, Deserialize, Serialize, Serializer}; use std::default::Default; +use zeroize::Zeroize; const IV_SIZE: usize = 16; +#[derive(Zeroize, Clone, PartialEq)] +#[zeroize(drop)] +pub struct PlainText(Vec); + +impl PlainText { + pub fn zero(len: usize) -> Self { + Self(vec![0; len]) + } + + pub fn len(&self) -> usize { + self.0.len() + } + + pub fn as_bytes(&self) -> &[u8] { + &self.0 + } + + pub fn as_mut_bytes(&mut self) -> &mut [u8] { + &mut self.0 + } +} + /// Convert slice to fixed length array. /// Returns `None` if slice has len > `IV_SIZE` fn from_slice(bytes: &[u8]) -> Option<[u8; IV_SIZE]> { @@ -41,10 +64,10 @@ impl Aes128Ctr { ct } - pub fn decrypt(&self, key: &[u8], ct: &[u8]) -> Vec { + pub fn decrypt(&self, key: &[u8], ct: &[u8]) -> PlainText { // TODO: sanity checks - let mut pt = vec![0; ct.len()]; - ctr(KeySize::KeySize128, key, &self.iv).process(ct, &mut pt); + let mut pt = PlainText::zero(ct.len()); + ctr(KeySize::KeySize128, key, &self.iv).process(ct, &mut pt.as_mut_bytes()); pt } } diff --git a/eth2/utils/eth2_keystore/src/crypto.rs b/eth2/utils/eth2_keystore/src/crypto.rs index 1e27ffbad72..abfe90c52a5 100644 --- a/eth2/utils/eth2_keystore/src/crypto.rs +++ b/eth2/utils/eth2_keystore/src/crypto.rs @@ -1,6 +1,7 @@ -use crate::checksum::{Checksum, ChecksumModule}; -use crate::cipher::{Cipher, CipherModule}; +use crate::checksum::{ChecksumModule, Sha256Checksum}; +use crate::cipher::{Cipher, CipherModule, PlainText}; use crate::kdf::{Kdf, KdfModule}; +use crate::Error; use serde::{Deserialize, Serialize}; use std::fmt; use zeroize::Zeroize; @@ -20,12 +21,14 @@ impl Password { } } +#[cfg(test)] impl From for Password { fn from(s: String) -> Password { Password(s) } } +#[cfg(test)] impl<'a> From<&'a str> for Password { fn from(s: &'a str) -> Password { Password::from(String::from(s)) @@ -50,13 +53,10 @@ impl Crypto { Kdf::Scrypt(scrypt) => scrypt.derive_key(password.as_str()), }; // Encrypt secret - let cipher_message = match &cipher { - Cipher::Aes128Ctr(cipher) => cipher.encrypt(&derived_key[0..16], secret), + let cipher_message: Vec = match &cipher { + Cipher::Aes128Ctr(cipher) => cipher.encrypt(derived_key.aes_key(), secret), }; - // Generate checksum - let mut pre_image: Vec = derived_key[16..32].to_owned(); - pre_image.append(&mut cipher_message.clone()); - let checksum = Checksum::gen_checksum(&pre_image); + Crypto { kdf: KdfModule { function: kdf.function(), @@ -64,9 +64,9 @@ impl Crypto { message: "".to_string(), }, checksum: ChecksumModule { - function: Checksum::function(), + function: Sha256Checksum::function(), params: serde_json::Value::Object(serde_json::Map::default()), - message: checksum, + message: Sha256Checksum::generate(&derived_key, &cipher_message), }, cipher: CipherModule { function: cipher.function(), @@ -80,31 +80,25 @@ impl Crypto { /// /// An error will be returned if `cipher.message` is not in hex format or /// if password is incorrect. - pub fn decrypt(&self, password: Password) -> Result, String> { + pub fn decrypt(&self, password: Password) -> Result { + let cipher_message = + hex::decode(self.cipher.message.clone()).map_err(Error::InvalidCipherMessageHex)?; + // Generate derived key let derived_key = match &self.kdf.params { Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(password.as_str()), Kdf::Scrypt(scrypt) => scrypt.derive_key(password.as_str()), }; - // Regenerate checksum - let mut pre_image: Vec = derived_key[16..32].to_owned(); - pre_image.append( - &mut hex::decode(self.cipher.message.clone()) - .map_err(|e| format!("Cipher message should be in hex: {}", e))?, - ); - let checksum = Checksum::gen_checksum(&pre_image); - - // `password` is incorrect if checksums don't match - if checksum != self.checksum.message { - return Err("Incorrect password. Checksum does not match".into()); + + // Mismatching `password` indicates an invalid password. + if Sha256Checksum::generate(&derived_key, &cipher_message) != self.checksum.message { + return Err(Error::InvalidPassword); } + let secret = match &self.cipher.params { - Cipher::Aes128Ctr(cipher) => cipher.decrypt( - &derived_key[0..16], - &hex::decode(self.cipher.message.clone()) - .map_err(|e| format!("Cipher message should be in hex: {}", e))?, - ), + Cipher::Aes128Ctr(cipher) => cipher.decrypt(&derived_key.aes_key(), &cipher_message), }; + Ok(secret) } } @@ -156,7 +150,7 @@ mod tests { let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - assert_eq!(secret, recovered_secret); + assert_eq!(secret, recovered_secret.as_bytes()); } #[test] @@ -193,6 +187,6 @@ mod tests { let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - assert_eq!(secret, recovered_secret); + assert_eq!(secret, recovered_secret.as_bytes()); } } diff --git a/eth2/utils/eth2_keystore/src/kdf.rs b/eth2/utils/eth2_keystore/src/kdf.rs index 930afb7c158..5a2cec48126 100644 --- a/eth2/utils/eth2_keystore/src/kdf.rs +++ b/eth2/utils/eth2_keystore/src/kdf.rs @@ -3,10 +3,48 @@ use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; use rand::prelude::*; use serde::{de, Deserialize, Serialize, Serializer}; use std::default::Default; +use zeroize::Zeroize; // TODO: verify size of salt const SALT_SIZE: usize = 32; -const DECRYPTION_KEY_SIZE: u32 = 32; +const DECRYPTION_KEY_SIZE: usize = 32; +const DKLEN: u32 = 32; + +#[derive(Zeroize)] +#[zeroize(drop)] +pub struct DerivedKey([u8; DECRYPTION_KEY_SIZE]); + +impl DerivedKey { + /// Instantiates `Self` with a all-zeros byte array. + fn zero() -> Self { + Self([0; DECRYPTION_KEY_SIZE]) + } + + /// Returns a mutable reference to the underlying byte array. + fn as_mut_bytes(&mut self) -> &mut [u8] { + &mut self.0 + } + + /// Returns the `DK_slice` bytes used for checksum comparison. + /// + /// ## Reference + /// + /// # https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#procedure + pub fn checksum_slice(&self) -> &[u8] { + &self.0[16..32] + } + + /// Returns the aes-128-ctr key. + /// + /// Only the first 16 bytes of the decryption_key are used as the AES key. + /// + /// ## Reference + /// + /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#secret-decryption + pub fn aes_key(&self) -> &[u8] { + &self.0[0..16] + } +} /// Parameters for `pbkdf2` key derivation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] @@ -22,7 +60,7 @@ impl Default for Pbkdf2 { fn default() -> Self { let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); Pbkdf2 { - dklen: DECRYPTION_KEY_SIZE, + dklen: DKLEN, c: 262144, prf: Prf::default(), salt: salt.to_vec(), @@ -32,10 +70,10 @@ impl Default for Pbkdf2 { impl Pbkdf2 { /// Derive key from password. - pub fn derive_key(&self, password: &str) -> [u8; DECRYPTION_KEY_SIZE as usize] { - let mut dk = [0u8; DECRYPTION_KEY_SIZE as usize]; + pub fn derive_key(&self, password: &str) -> DerivedKey { + let mut dk = DerivedKey::zero(); let mut mac = self.prf.mac(password.as_bytes()); - pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, &mut dk); + pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, dk.as_mut_bytes()); dk } } @@ -61,12 +99,12 @@ fn log2_int(x: u32) -> u32 { } impl Scrypt { - pub fn derive_key(&self, password: &str) -> [u8; DECRYPTION_KEY_SIZE as usize] { - let mut dk = [0u8; DECRYPTION_KEY_SIZE as usize]; + pub fn derive_key(&self, password: &str) -> DerivedKey { + let mut dk = DerivedKey::zero(); // Assert that `n` is power of 2 debug_assert_eq!(self.n, 2u32.pow(log2_int(self.n))); let params = scrypt::ScryptParams::new(log2_int(self.n) as u8, self.r, self.p); - scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk); + scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk.0); dk } } @@ -75,7 +113,7 @@ impl Default for Scrypt { fn default() -> Self { let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); Scrypt { - dklen: DECRYPTION_KEY_SIZE, + dklen: DKLEN, n: 262144, r: 8, p: 1, diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 343b3cb0a06..7e83a1fae4b 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -7,12 +7,16 @@ use crate::cipher::Cipher; use crate::crypto::Crypto; use crate::kdf::Kdf; use bls::{Keypair, PublicKey, SecretKey}; +use hex::FromHexError; use serde::{Deserialize, Serialize}; use serde_repr::*; +use ssz::DecodeError; use uuid::Uuid; pub use crate::crypto::Password; +const SECRET_KEY_LEN: usize = 32; + /// Version for `Keystore`. #[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] #[repr(u8)] @@ -26,6 +30,15 @@ impl Default for Version { } } +#[derive(Debug, PartialEq)] +pub enum Error { + InvalidSecretKeyLen { len: usize, expected: usize }, + InvalidCipherMessageHex(FromHexError), + InvalidPassword, + InvalidSecretKeyBytes(DecodeError), + PublicKeyMismatch, +} + /// TODO: Implement `path` according to /// https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md /// For now, `path` is set to en empty string. @@ -72,16 +85,19 @@ impl Keystore { /// An error is returned if the password provided is incorrect or if /// keystore does not contain valid hex strings or if the secret contained is not a /// BLS12-381 secret key. - pub fn to_keypair(&self, password: Password) -> Result { + pub fn to_keypair(&self, password: Password) -> Result { let sk_bytes = self.crypto.decrypt(password)?; - if sk_bytes.len() != 32 { - return Err(format!("Invalid secret key size: {:?}", sk_bytes)); + if sk_bytes.len() != SECRET_KEY_LEN { + return Err(Error::InvalidSecretKeyLen { + len: sk_bytes.len(), + expected: SECRET_KEY_LEN, + }); } - let sk = SecretKey::from_bytes(sk_bytes.as_ref()) - .map_err(|e| format!("Invalid secret key in keystore {:?}", e))?; + let sk = + SecretKey::from_bytes(sk_bytes.as_bytes()).map_err(Error::InvalidSecretKeyBytes)?; let pk = PublicKey::from_secret_key(&sk); if pk.as_hex_string()[2..].to_string() != self.pubkey { - return Err(format!("Decoded pubkey doesn't match keystore pubkey")); + return Err(Error::PublicKeyMismatch); } Ok(Keypair { sk, pk }) } From 80024f6f3ad3500631c1bf417c425585f60ffdf6 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Wed, 29 Apr 2020 15:05:22 +1000 Subject: [PATCH 29/63] Fix comment --- eth2/utils/eth2_keystore/src/kdf.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eth2/utils/eth2_keystore/src/kdf.rs b/eth2/utils/eth2_keystore/src/kdf.rs index 5a2cec48126..69139de8f8f 100644 --- a/eth2/utils/eth2_keystore/src/kdf.rs +++ b/eth2/utils/eth2_keystore/src/kdf.rs @@ -29,7 +29,7 @@ impl DerivedKey { /// /// ## Reference /// - /// # https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#procedure + /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#procedure pub fn checksum_slice(&self) -> &[u8] { &self.0[16..32] } From 9671f4ab456d8d15e13a871c0dd723553f0ab6d8 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 4 May 2020 16:20:11 +1000 Subject: [PATCH 30/63] Add keystore builder --- eth2/utils/eth2_keystore/src/crypto.rs | 1 + eth2/utils/eth2_keystore/src/lib.rs | 75 +++++++++++++++++--------- 2 files changed, 52 insertions(+), 24 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/crypto.rs b/eth2/utils/eth2_keystore/src/crypto.rs index abfe90c52a5..695ac4b1e1e 100644 --- a/eth2/utils/eth2_keystore/src/crypto.rs +++ b/eth2/utils/eth2_keystore/src/crypto.rs @@ -15,6 +15,7 @@ impl fmt::Display for Password { write!(f, "******") } } + impl Password { pub fn as_str(&self) -> &str { self.0.as_str() diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 7e83a1fae4b..5b15c5fcf80 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -37,6 +37,41 @@ pub enum Error { InvalidPassword, InvalidSecretKeyBytes(DecodeError), PublicKeyMismatch, + EmptyPassword, +} + +pub struct KeystoreBuilder<'a> { + keypair: &'a Keypair, + password: Password, + kdf: Kdf, + cipher: Cipher, + uuid: Uuid, +} + +impl<'a> KeystoreBuilder<'a> { + pub fn new(keypair: &'a Keypair, password: Password) -> Result { + if password.as_str() == "" { + Err(Error::EmptyPassword) + } else { + Ok(Self { + keypair, + password, + kdf: <_>::default(), + cipher: <_>::default(), + uuid: Uuid::new_v4(), + }) + } + } + + pub fn build(self) -> Keystore { + Keystore::new( + self.keypair, + self.password, + self.kdf, + self.cipher, + self.uuid, + ) + } } /// TODO: Implement `path` according to @@ -44,38 +79,25 @@ pub enum Error { /// For now, `path` is set to en empty string. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub struct Keystore { - pub crypto: Crypto, - pub uuid: Uuid, - pub path: String, - pub pubkey: String, - pub version: Version, + crypto: Crypto, + uuid: Uuid, + path: String, + pubkey: String, + version: Version, } impl Keystore { /// Generate `Keystore` object for a BLS12-381 secret key from a - /// keypair and password. Optionally, provide params for kdf, cipher and a uuid. - pub fn new( - keypair: &Keypair, - password: Password, - kdf: Option, - cipher: Option, - uuid: Option, - ) -> Self { - let crypto = Crypto::encrypt( - password, - &keypair.sk.as_raw().as_bytes(), - kdf.unwrap_or_default(), - cipher.unwrap_or_default(), - ); - let uuid = uuid.unwrap_or(Uuid::new_v4()); - let version = Version::default(); - let path = String::new(); + /// keypair and password. + fn new(keypair: &Keypair, password: Password, kdf: Kdf, cipher: Cipher, uuid: Uuid) -> Self { + let crypto = Crypto::encrypt(password, &keypair.sk.as_raw().as_bytes(), kdf, cipher); + Keystore { crypto, uuid, - path, + path: String::new(), pubkey: keypair.pk.as_hex_string()[2..].to_string(), - version, + version: Version::default(), } } @@ -101,6 +123,11 @@ impl Keystore { } Ok(Keypair { sk, pk }) } + + /// Returns the UUID for the keystore. + pub fn uuid(&self) -> &Uuid { + &self.uuid + } } // Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases From 1f30901f20c9ba50c25a2b8821c90f369b5d9c61 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 4 May 2020 17:01:25 +1000 Subject: [PATCH 31/63] Remove keystore stuff from val client --- Cargo.lock | 3 - validator_client/Cargo.toml | 3 - validator_client/src/validator_directory.rs | 82 --------------------- 3 files changed, 88 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9f8ab1c12bc..b3a3bc0f9c7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4788,7 +4788,6 @@ dependencies = [ "error-chain 0.12.2 (registry+https://github.com/rust-lang/crates.io-index)", "eth2_config 0.2.0", "eth2_interop_keypairs 0.2.0", - "eth2_keystore 0.1.0", "eth2_ssz 0.1.2", "eth2_ssz_derive 0.1.0", "exit-future 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", @@ -4809,12 +4808,10 @@ dependencies = [ "slog-term 2.5.0 (registry+https://github.com/rust-lang/crates.io-index)", "slot_clock 0.2.0", "tempdir 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)", - "time 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", "tokio 0.1.22 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-timer 0.2.13 (registry+https://github.com/rust-lang/crates.io-index)", "tree_hash 0.1.1", "types 0.2.0", - "uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", "web3 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", ] diff --git a/validator_client/Cargo.toml b/validator_client/Cargo.toml index fa1dbad66d2..22f01b2eef3 100644 --- a/validator_client/Cargo.toml +++ b/validator_client/Cargo.toml @@ -42,7 +42,4 @@ bls = { path = "../eth2/utils/bls" } remote_beacon_node = { path = "../eth2/utils/remote_beacon_node" } tempdir = "0.3" rayon = "1.2.0" -uuid = { version = "0.8", features = ["serde", "v4"] } web3 = "0.10.0" -time = "0.1.42" -eth2_keystore = { path = "../eth2/utils/eth2_keystore" } diff --git a/validator_client/src/validator_directory.rs b/validator_client/src/validator_directory.rs index 625e433d900..197e1cb44eb 100644 --- a/validator_client/src/validator_directory.rs +++ b/validator_client/src/validator_directory.rs @@ -1,6 +1,5 @@ use bls::get_withdrawal_credentials; use deposit_contract::{encode_eth1_tx_data, DEPOSIT_GAS}; -use eth2_keystore::Keystore; use futures::{Future, IntoFuture}; use hex; use ssz::{Decode, Encode}; @@ -14,7 +13,6 @@ use types::{ test_utils::generate_deterministic_keypair, ChainSpec, DepositData, Hash256, Keypair, PublicKey, SecretKey, Signature, }; -use uuid::Uuid; use web3::{ types::{Address, TransactionRequest, U256}, Transport, Web3, @@ -29,33 +27,11 @@ fn keypair_file(prefix: &str) -> String { format!("{}_keypair", prefix) } -/// Returns the filename of a keystore file. -fn keystore_file(keystore: &Keystore, prefix: &str) -> String { - format!( - "{}-{}-{}", - prefix, - &get_utc_time(), - keystore.uuid.to_string() - ) -} - /// Returns the name of the folder to be generated for a validator with the given voting key. fn dir_name(voting_pubkey: &PublicKey) -> String { format!("0x{}", hex::encode(voting_pubkey.as_ssz_bytes())) } -/// Returns the name of folder to be generated for a keystore with a given uuid. -fn dir_name_keystore(uuid: &Uuid) -> String { - uuid.to_string() -} - -/// Return UTC time. -fn get_utc_time() -> String { - let timestamp = time::strftime("%Y-%m-%dT%H-%M-%S", &time::now_utc()) - .expect("Time-format string is valid."); - format!("UTC--{}--", timestamp) -} - /// Represents the files/objects for each dedicated lighthouse validator directory. /// /// Generally lives in `~/.lighthouse/validators/`. @@ -110,19 +86,6 @@ fn load_keypair(base_path: PathBuf, file_prefix: &str) -> Result Result { - if !path.exists() { - return Err(format!("Keypair file does not exist: {:?}", path)); - } - - let mut key_file = - File::open(path.clone()).map_err(|e| format!("Unable to open keystore file: {}", e))?; - let keystore: Keystore = serde_json::from_reader(&mut key_file) - .map_err(|e| format!("Invalid keystore format: {:?}", e))?; - Ok(keystore) -} - /// Load eth1_deposit_data from file. fn load_eth1_deposit_data(base_path: PathBuf) -> Result, String> { let path = base_path.join(ETH1_DEPOSIT_DATA_FILE); @@ -240,22 +203,6 @@ impl ValidatorDirectoryBuilder { Ok(self) } - pub fn create_keystore_directory( - keystore: &Keystore, - base_path: PathBuf, - ) -> Result<(), String> { - let directory = base_path.join(dir_name_keystore(&keystore.uuid)); - if directory.exists() { - return Err(format!( - "Validator keystore directory already exists: {:?}", - directory - )); - } - fs::create_dir_all(&directory) - .map_err(|e| format!("Unable to create keystore validator directory: {}", e))?; - Ok(()) - } - pub fn write_keypair_files(self) -> Result { let voting_keypair = self .voting_keypair @@ -299,35 +246,6 @@ impl ValidatorDirectoryBuilder { Ok(()) } - pub fn save_keystore( - &self, - base_path: PathBuf, - keystore: &Keystore, - file_prefix: &str, - ) -> Result<(), String> { - let directory = base_path.join(dir_name_keystore(&keystore.uuid)); - let path = directory.join(keystore_file(&keystore, file_prefix)); - - if path.exists() { - return Err(format!("Keystore file already exists at: {:?}", path)); - } - - let file = File::create(&path).map_err(|e| format!("Unable to create file: {}", e))?; - - // Ensure file has correct permissions. - let mut perm = file - .metadata() - .map_err(|e| format!("Unable to get file metadata: {}", e))? - .permissions(); - perm.set_mode((libc::S_IWUSR | libc::S_IRUSR) as u32); - file.set_permissions(perm) - .map_err(|e| format!("Unable to set file permissions: {}", e))?; - - serde_json::to_writer_pretty(file, &keystore) - .map_err(|e| format!("Error writing keystore into file: {}", e))?; - Ok(()) - } - fn get_deposit_data(&self) -> Result<(Vec, u64), String> { let voting_keypair = self .voting_keypair From 7bdeef05d1885949926759713bb0a0a7dd9618cd Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 4 May 2020 17:02:38 +1000 Subject: [PATCH 32/63] Add more tests, comments --- eth2/utils/eth2_keystore/src/crypto.rs | 1 - eth2/utils/eth2_keystore/src/lib.rs | 97 +++++++++++++++++++++++--- 2 files changed, 86 insertions(+), 12 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/crypto.rs b/eth2/utils/eth2_keystore/src/crypto.rs index 695ac4b1e1e..39704235f47 100644 --- a/eth2/utils/eth2_keystore/src/crypto.rs +++ b/eth2/utils/eth2_keystore/src/crypto.rs @@ -22,7 +22,6 @@ impl Password { } } -#[cfg(test)] impl From for Password { fn from(s: String) -> Password { Password(s) diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 5b15c5fcf80..33d6220c5bc 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -15,6 +15,7 @@ use uuid::Uuid; pub use crate::crypto::Password; +/// The byte-length of a BLS secret key. const SECRET_KEY_LEN: usize = 32; /// Version for `Keystore`. @@ -38,8 +39,11 @@ pub enum Error { InvalidSecretKeyBytes(DecodeError), PublicKeyMismatch, EmptyPassword, + UnableToSerialize, + InvalidJson, } +/// Constructs a `Keystore`. pub struct KeystoreBuilder<'a> { keypair: &'a Keypair, password: Password, @@ -49,6 +53,11 @@ pub struct KeystoreBuilder<'a> { } impl<'a> KeystoreBuilder<'a> { + /// Creates a new builder. + /// + /// ## Errors + /// + /// Returns `Error::EmptyPassword` if `password == ""`. pub fn new(keypair: &'a Keypair, password: Password) -> Result { if password.as_str() == "" { Err(Error::EmptyPassword) @@ -63,6 +72,7 @@ impl<'a> KeystoreBuilder<'a> { } } + /// Consumes `self`, returning a `Keystore`. pub fn build(self) -> Keystore { Keystore::new( self.keypair, @@ -74,9 +84,9 @@ impl<'a> KeystoreBuilder<'a> { } } -/// TODO: Implement `path` according to -/// https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md -/// For now, `path` is set to en empty string. +/// Provides a BLS keystore as defined in [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335). +/// +/// Use `KeystoreBuilder` to create a new keystore. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub struct Keystore { crypto: Crypto, @@ -95,32 +105,45 @@ impl Keystore { Keystore { crypto, uuid, + // TODO: Implement `path` according to + // https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md + // For now, `path` is set to en empty string. path: String::new(), pubkey: keypair.pk.as_hex_string()[2..].to_string(), version: Version::default(), } } - /// Regenerate a BLS12-381 `Keypair` from given the `Keystore` object and - /// the correct password. + /// Regenerate a BLS12-381 `Keypair` from `self` and the correct password. /// - /// An error is returned if the password provided is incorrect or if - /// keystore does not contain valid hex strings or if the secret contained is not a - /// BLS12-381 secret key. - pub fn to_keypair(&self, password: Password) -> Result { + /// ## Errors + /// + /// - The provided password is incorrect. + /// - The keystore is badly formed. + pub fn decrypt_keypair(&self, password: Password) -> Result { + // Decrypt cipher-text into plain-text. let sk_bytes = self.crypto.decrypt(password)?; + + // Verify that secret key material is correct length. if sk_bytes.len() != SECRET_KEY_LEN { return Err(Error::InvalidSecretKeyLen { len: sk_bytes.len(), expected: SECRET_KEY_LEN, }); } + + // Instantiate a `SecretKey`. let sk = SecretKey::from_bytes(sk_bytes.as_bytes()).map_err(Error::InvalidSecretKeyBytes)?; + + // Derive a `PublicKey` from `SecretKey`. let pk = PublicKey::from_secret_key(&sk); + + // Verify that the derived `PublicKey` matches `self`. if pk.as_hex_string()[2..].to_string() != self.pubkey { return Err(Error::PublicKeyMismatch); } + Ok(Keypair { sk, pk }) } @@ -128,13 +151,65 @@ impl Keystore { pub fn uuid(&self) -> &Uuid { &self.uuid } + + /// Returns `self` encoded as a JSON object. + pub fn to_json_string(&self) -> Result { + serde_json::to_string(self).map_err(|_| Error::UnableToSerialize) + } + + /// Returns `self` encoded as a JSON object. + pub fn from_json_str(json_string: &str) -> Result { + serde_json::from_str(json_string).map_err(|_| Error::InvalidJson) + } } -// Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[cfg(test)] mod tests { use super::*; + fn password() -> Password { + "ilikecats".to_string().into() + } + + fn bad_password() -> Password { + "idontlikecats".to_string().into() + } + + #[test] + fn empty_password() { + assert_eq!( + KeystoreBuilder::new(&Keypair::random(), "".into()) + .err() + .unwrap(), + Error::EmptyPassword + ); + } + + #[test] + fn string_round_trip() { + let keypair = Keypair::random(); + + let keystore = KeystoreBuilder::new(&keypair, password()).unwrap().build(); + + let json = keystore.to_json_string().unwrap(); + let decoded = Keystore::from_json_str(&json).unwrap(); + + assert_eq!( + decoded.decrypt_keypair(bad_password()).err().unwrap(), + Error::InvalidPassword, + "should not decrypt with bad password" + ); + + assert_eq!( + decoded.decrypt_keypair(password()).unwrap(), + keypair, + "should decrypt with good password" + ); + } + + // Test cases taken from: + // + // https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[test] fn test_vectors() { let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; @@ -208,7 +283,7 @@ mod tests { let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; for test in test_vectors { let keystore: Keystore = serde_json::from_str(test).unwrap(); - let keypair = keystore.to_keypair(password.clone()).unwrap(); + let keypair = keystore.decrypt_keypair(password.clone()).unwrap(); let expected_sk = hex::decode(expected_secret).unwrap(); assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk) } From e911e535a5d8cc9a30161ecfe0cb7e4c31d22e84 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 4 May 2020 18:30:01 +1000 Subject: [PATCH 33/63] Add more comments, test vectors --- eth2/utils/eth2_keystore/src/cipher.rs | 5 ++ eth2/utils/eth2_keystore/src/lib.rs | 90 +++++++++++++++++++++++++- 2 files changed, 94 insertions(+), 1 deletion(-) diff --git a/eth2/utils/eth2_keystore/src/cipher.rs b/eth2/utils/eth2_keystore/src/cipher.rs index 54855a19dee..c22298bbc5d 100644 --- a/eth2/utils/eth2_keystore/src/cipher.rs +++ b/eth2/utils/eth2_keystore/src/cipher.rs @@ -6,23 +6,28 @@ use zeroize::Zeroize; const IV_SIZE: usize = 16; +/// Provides wrapper around `Vec` that implements zeroize. #[derive(Zeroize, Clone, PartialEq)] #[zeroize(drop)] pub struct PlainText(Vec); impl PlainText { + /// Instantiate self with `len` zeros. pub fn zero(len: usize) -> Self { Self(vec![0; len]) } + /// The byte-length of `self` pub fn len(&self) -> usize { self.0.len() } + /// Returns a reference to the underlying bytes. pub fn as_bytes(&self) -> &[u8] { &self.0 } + /// Returns a mutable reference to the underlying bytes. pub fn as_mut_bytes(&mut self) -> &mut [u8] { &mut self.0 } diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 33d6220c5bc..bc0676d7360 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -211,7 +211,7 @@ mod tests { // // https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[test] - fn test_vectors() { + fn eip_2335_test_vectors() { let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; let password: Password = "testpassword".into(); let scrypt_test_vector = r#" @@ -288,4 +288,92 @@ mod tests { assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk) } } + + #[test] + fn json_invalid_version() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 5 + } + "#; + + assert_eq!( + Keystore::from_json_str(&vector).err().unwrap(), + Error::InvalidJson + ); + } + + #[test] + fn json_bad_checksum() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cd" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_eq!( + Keystore::from_json_str(&vector) + .unwrap() + .decrypt_keypair("testpassword".into()) + .err() + .unwrap(), + Error::InvalidPassword + ); + } } From 5ec380522883de65bb8223d3266ccc901de5bd4b Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 11:06:35 +1000 Subject: [PATCH 34/63] Progress on improving JSON validation --- eth2/utils/eth2_keystore/src/checksum.rs | 58 +++++++- eth2/utils/eth2_keystore/src/crypto.rs | 4 +- eth2/utils/eth2_keystore/src/kdf.rs | 38 ++++- eth2/utils/eth2_keystore/src/lib.rs | 181 ++++++++++++++++++++++- 4 files changed, 265 insertions(+), 16 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/checksum.rs b/eth2/utils/eth2_keystore/src/checksum.rs index 609d8ece462..ccd6a5403c7 100644 --- a/eth2/utils/eth2_keystore/src/checksum.rs +++ b/eth2/utils/eth2_keystore/src/checksum.rs @@ -2,12 +2,62 @@ use crate::kdf::DerivedKey; use crypto::digest::Digest; use crypto::sha2::Sha256; use serde::{Deserialize, Serialize}; +use serde_json::{Map, Value}; +use std::convert::TryFrom; + +/// Used for ensuring that serde only decodes valid checksum functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub enum ChecksumFunction { + Sha256, +} + +impl Into for ChecksumFunction { + fn into(self) -> String { + match self { + ChecksumFunction::Sha256 => "sha256".into(), + } + } +} + +impl TryFrom for ChecksumFunction { + type Error = String; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "sha256" => Ok(ChecksumFunction::Sha256), + other => Err(format!("Unsupported checksum function: {}", other)), + } + } +} + +/// Used for ensuring serde only decode an empty map +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "Value", into = "Value")] +pub struct EmptyMap; + +impl Into for EmptyMap { + fn into(self) -> Value { + Value::Object(Map::default()) + } +} + +impl TryFrom for EmptyMap { + type Error = &'static str; + + fn try_from(v: Value) -> Result { + match v { + Value::Object(map) if map.is_empty() => Ok(Self), + _ => Err("Checksum params must be an empty map"), + } + } +} /// Checksum module for `Keystore`. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct ChecksumModule { - pub function: String, - pub params: serde_json::Value, // Empty json object + pub function: ChecksumFunction, + pub params: EmptyMap, pub message: String, } @@ -22,7 +72,7 @@ impl Sha256Checksum { hasher.result_str() } - pub fn function() -> String { - "sha256".to_string() + pub fn function() -> ChecksumFunction { + ChecksumFunction::Sha256 } } diff --git a/eth2/utils/eth2_keystore/src/crypto.rs b/eth2/utils/eth2_keystore/src/crypto.rs index 39704235f47..4c1dfa15b90 100644 --- a/eth2/utils/eth2_keystore/src/crypto.rs +++ b/eth2/utils/eth2_keystore/src/crypto.rs @@ -1,4 +1,4 @@ -use crate::checksum::{ChecksumModule, Sha256Checksum}; +use crate::checksum::{ChecksumModule, EmptyMap, Sha256Checksum}; use crate::cipher::{Cipher, CipherModule, PlainText}; use crate::kdf::{Kdf, KdfModule}; use crate::Error; @@ -65,7 +65,7 @@ impl Crypto { }, checksum: ChecksumModule { function: Sha256Checksum::function(), - params: serde_json::Value::Object(serde_json::Map::default()), + params: EmptyMap, message: Sha256Checksum::generate(&derived_key, &cipher_message), }, cipher: CipherModule { diff --git a/eth2/utils/eth2_keystore/src/kdf.rs b/eth2/utils/eth2_keystore/src/kdf.rs index 69139de8f8f..0f4dd80f8af 100644 --- a/eth2/utils/eth2_keystore/src/kdf.rs +++ b/eth2/utils/eth2_keystore/src/kdf.rs @@ -2,6 +2,7 @@ use crypto::sha2::Sha256; use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; use rand::prelude::*; use serde::{de, Deserialize, Serialize, Serializer}; +use std::convert::TryFrom; use std::default::Default; use zeroize::Zeroize; @@ -165,10 +166,39 @@ impl Default for Kdf { } impl Kdf { - pub fn function(&self) -> String { + pub fn function(&self) -> KdfFunction { match &self { - Kdf::Pbkdf2(_) => "pbkdf2".to_string(), - Kdf::Scrypt(_) => "scrypt".to_string(), + Kdf::Pbkdf2(_) => KdfFunction::Pbkdf2, + Kdf::Scrypt(_) => KdfFunction::Scrypt, + } + } +} + +/// Used for ensuring that serde only decodes valid KDF functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub enum KdfFunction { + Scrypt, + Pbkdf2, +} + +impl Into for KdfFunction { + fn into(self) -> String { + match self { + KdfFunction::Scrypt => "scrypt".into(), + KdfFunction::Pbkdf2 => "pbkdf2".into(), + } + } +} + +impl TryFrom for KdfFunction { + type Error = String; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "scrypt" => Ok(KdfFunction::Scrypt), + "pbkdf2" => Ok(KdfFunction::Pbkdf2), + other => Err(format!("Unsupported kdf function: {}", other)), } } } @@ -176,7 +206,7 @@ impl Kdf { /// KDF module representation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct KdfModule { - pub function: String, + pub function: KdfFunction, pub params: Kdf, pub message: String, } diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index bc0676d7360..bd9e3e63309 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -40,7 +40,7 @@ pub enum Error { PublicKeyMismatch, EmptyPassword, UnableToSerialize, - InvalidJson, + InvalidJson(String), } /// Constructs a `Keystore`. @@ -159,7 +159,7 @@ impl Keystore { /// Returns `self` encoded as a JSON object. pub fn from_json_str(json_string: &str) -> Result { - serde_json::from_str(json_string).map_err(|_| Error::InvalidJson) + serde_json::from_str(json_string).map_err(|e| Error::InvalidJson(format!("{}", e))) } } @@ -325,10 +325,10 @@ mod tests { } "#; - assert_eq!( - Keystore::from_json_str(&vector).err().unwrap(), - Error::InvalidJson - ); + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } } #[test] @@ -376,4 +376,173 @@ mod tests { Error::InvalidPassword ); } + + #[test] + fn json_invalid_kdf_function() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "not-scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_missing_scrypt_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_checksum_function() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "not-sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_checksum_params() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": { + "cats": "lol" + }, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } } From 53a774c9fdaf72a5c451237e64c452d5059828c2 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 11:20:10 +1000 Subject: [PATCH 35/63] More JSON verification --- eth2/utils/eth2_keystore/src/cipher.rs | 36 ++- eth2/utils/eth2_keystore/src/kdf.rs | 2 + eth2/utils/eth2_keystore/src/lib.rs | 291 +++++++++++++++++++++++++ 3 files changed, 325 insertions(+), 4 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/cipher.rs b/eth2/utils/eth2_keystore/src/cipher.rs index c22298bbc5d..2e80e6f7e1c 100644 --- a/eth2/utils/eth2_keystore/src/cipher.rs +++ b/eth2/utils/eth2_keystore/src/cipher.rs @@ -1,6 +1,7 @@ use crypto::aes::{ctr, KeySize}; use rand::prelude::*; use serde::{de, Deserialize, Serialize, Serializer}; +use std::convert::TryFrom; use std::default::Default; use zeroize::Zeroize; @@ -45,16 +46,43 @@ fn from_slice(bytes: &[u8]) -> Option<[u8; IV_SIZE]> { Some(array) } +/// Used for ensuring that serde only decodes valid cipher functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub enum CipherFunction { + Aes128Ctr, +} + +impl Into for CipherFunction { + fn into(self) -> String { + match self { + CipherFunction::Aes128Ctr => "aes-128-ctr".into(), + } + } +} + +impl TryFrom for CipherFunction { + type Error = String; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "aes-128-ctr" => Ok(CipherFunction::Aes128Ctr), + other => Err(format!("Unsupported cipher function: {}", other)), + } + } +} + /// Cipher module representation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] pub struct CipherModule { - pub function: String, + pub function: CipherFunction, pub params: Cipher, pub message: String, } /// Parameters for AES128 with ctr mode. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct Aes128Ctr { #[serde(serialize_with = "serialize_iv")] #[serde(deserialize_with = "deserialize_iv")] @@ -108,7 +136,7 @@ where } #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(untagged)] +#[serde(untagged, deny_unknown_fields)] pub enum Cipher { Aes128Ctr(Aes128Ctr), } @@ -121,9 +149,9 @@ impl Default for Cipher { } impl Cipher { - pub fn function(&self) -> String { + pub fn function(&self) -> CipherFunction { match &self { - Cipher::Aes128Ctr(_) => "aes-128-ctr".to_string(), + Cipher::Aes128Ctr(_) => CipherFunction::Aes128Ctr, } } } diff --git a/eth2/utils/eth2_keystore/src/kdf.rs b/eth2/utils/eth2_keystore/src/kdf.rs index 0f4dd80f8af..e4d8a7106f7 100644 --- a/eth2/utils/eth2_keystore/src/kdf.rs +++ b/eth2/utils/eth2_keystore/src/kdf.rs @@ -49,6 +49,7 @@ impl DerivedKey { /// Parameters for `pbkdf2` key derivation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct Pbkdf2 { pub c: u32, pub dklen: u32, @@ -81,6 +82,7 @@ impl Pbkdf2 { /// Parameters for `scrypt` key derivation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct Scrypt { pub dklen: u32, pub n: u32, diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index bd9e3e63309..e5decbe3132 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -460,6 +460,49 @@ mod tests { } } + #[test] + fn json_invalid_additional_scrypt_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3", + "cats": 42 + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + #[test] fn json_invalid_checksum_function() { let vector = r#" @@ -545,4 +588,252 @@ mod tests { _ => panic!("expected invalid json error"), } } + + #[test] + fn json_invalid_cipher_function() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "not-aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_additional_cipher_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6", + "cat": 42 + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_missing_cipher_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": {}, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_missing_pubkey() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_missing_path() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } + + #[test] + fn json_invalid_missing_version() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "" + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } + } } From 4dd993116b924248a7a9fb878fc47fa2f42d3591 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 13:09:26 +1000 Subject: [PATCH 36/63] Start moving JSON into own mod --- eth2/utils/eth2_keystore/src/derived_key.rs | 38 +++ .../src/json_keystore/checksum_module.rs | 74 ++++++ .../src/json_keystore/cipher_module.rs | 63 +++++ .../src/json_keystore/hex_bytes.rs | 43 ++++ .../src/json_keystore/kdf_module.rs | 105 ++++++++ .../eth2_keystore/src/json_keystore/mod.rs | 44 ++++ eth2/utils/eth2_keystore/src/lib.rs | 240 ++++++++++++++---- eth2/utils/eth2_keystore/src/password.rs | 28 ++ eth2/utils/eth2_keystore/src/plain_text.rs | 28 ++ 9 files changed, 613 insertions(+), 50 deletions(-) create mode 100644 eth2/utils/eth2_keystore/src/derived_key.rs create mode 100644 eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs create mode 100644 eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs create mode 100644 eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs create mode 100644 eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs create mode 100644 eth2/utils/eth2_keystore/src/json_keystore/mod.rs create mode 100644 eth2/utils/eth2_keystore/src/password.rs create mode 100644 eth2/utils/eth2_keystore/src/plain_text.rs diff --git a/eth2/utils/eth2_keystore/src/derived_key.rs b/eth2/utils/eth2_keystore/src/derived_key.rs new file mode 100644 index 00000000000..57f6e6f6330 --- /dev/null +++ b/eth2/utils/eth2_keystore/src/derived_key.rs @@ -0,0 +1,38 @@ +use crate::DKLEN; +use zeroize::Zeroize; + +#[derive(Zeroize)] +#[zeroize(drop)] +pub struct DerivedKey([u8; DKLEN as usize]); + +impl DerivedKey { + /// Instantiates `Self` with a all-zeros byte array. + pub fn zero() -> Self { + Self([0; DKLEN as usize]) + } + + /// Returns a mutable reference to the underlying byte array. + pub fn as_mut_bytes(&mut self) -> &mut [u8] { + &mut self.0 + } + + /// Returns the `DK_slice` bytes used for checksum comparison. + /// + /// ## Reference + /// + /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#procedure + pub fn checksum_slice(&self) -> &[u8] { + &self.0[16..32] + } + + /// Returns the aes-128-ctr key. + /// + /// Only the first 16 bytes of the decryption_key are used as the AES key. + /// + /// ## Reference + /// + /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#secret-decryption + pub fn aes_key(&self) -> &[u8] { + &self.0[0..16] + } +} diff --git a/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs new file mode 100644 index 00000000000..521dc2dc606 --- /dev/null +++ b/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs @@ -0,0 +1,74 @@ +//! Defines the JSON representation of the "checksum" module. +//! +//! This file **MUST NOT** contain any logic beyond what is required to serialize/deserialize the +//! data structures. Specifically, there should not be any actual crypto logic in this file. + +use super::hex_bytes::HexBytes; +use serde::{Deserialize, Serialize}; +use serde_json::{Map, Value}; +use std::convert::TryFrom; + +/// Used for ensuring that serde only decodes valid checksum functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub enum ChecksumFunction { + Sha256, +} + +impl Into for ChecksumFunction { + fn into(self) -> String { + match self { + ChecksumFunction::Sha256 => "sha256".into(), + } + } +} + +impl TryFrom for ChecksumFunction { + type Error = String; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "sha256" => Ok(ChecksumFunction::Sha256), + other => Err(format!("Unsupported checksum function: {}", other)), + } + } +} + +/// Used for ensuring serde only decode an empty map +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "Value", into = "Value")] +pub struct EmptyMap; + +impl Into for EmptyMap { + fn into(self) -> Value { + Value::Object(Map::default()) + } +} + +impl TryFrom for EmptyMap { + type Error = &'static str; + + fn try_from(v: Value) -> Result { + match v { + Value::Object(map) if map.is_empty() => Ok(Self), + _ => Err("Checksum params must be an empty map"), + } + } +} + +/// Checksum module for `Keystore`. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct ChecksumModule { + pub function: ChecksumFunction, + pub params: EmptyMap, + pub message: HexBytes, +} + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct Sha256Checksum(String); + +impl Sha256Checksum { + pub fn function() -> ChecksumFunction { + ChecksumFunction::Sha256 + } +} diff --git a/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs new file mode 100644 index 00000000000..6af5db2a895 --- /dev/null +++ b/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs @@ -0,0 +1,63 @@ +//! Defines the JSON representation of the "cipher" module. +//! +//! This file **MUST NOT** contain any logic beyond what is required to serialize/deserialize the +//! data structures. Specifically, there should not be any actual crypto logic in this file. + +use super::hex_bytes::HexBytes; +use serde::{Deserialize, Serialize}; +use std::convert::TryFrom; + +/// Used for ensuring that serde only decodes valid cipher functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub enum CipherFunction { + Aes128Ctr, +} + +impl Into for CipherFunction { + fn into(self) -> String { + match self { + CipherFunction::Aes128Ctr => "aes-128-ctr".into(), + } + } +} + +impl TryFrom for CipherFunction { + type Error = String; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "aes-128-ctr" => Ok(CipherFunction::Aes128Ctr), + other => Err(format!("Unsupported cipher function: {}", other)), + } + } +} + +/// Cipher module representation. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct CipherModule { + pub function: CipherFunction, + pub params: Cipher, + pub message: HexBytes, +} + +/// Parameters for AES128 with ctr mode. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] +pub struct Aes128Ctr { + pub iv: HexBytes, +} + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(untagged, deny_unknown_fields)] +pub enum Cipher { + Aes128Ctr(Aes128Ctr), +} + +impl Cipher { + pub fn function(&self) -> CipherFunction { + match &self { + Cipher::Aes128Ctr(_) => CipherFunction::Aes128Ctr, + } + } +} diff --git a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs new file mode 100644 index 00000000000..e05882a6588 --- /dev/null +++ b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs @@ -0,0 +1,43 @@ +use serde::{Deserialize, Serialize}; +use std::convert::TryFrom; + +/// Used for ensuring that serde only decodes valid checksum functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub struct HexBytes(Vec); + +impl HexBytes { + pub fn empty() -> Self { + Self(vec![]) + } + + pub fn as_bytes(&self) -> &[u8] { + &self.0 + } + + pub fn len(&self) -> usize { + self.0.len() + } +} + +impl From> for HexBytes { + fn from(vec: Vec) -> Self { + Self(vec) + } +} + +impl Into for HexBytes { + fn into(self) -> String { + hex::encode(self.0) + } +} + +impl TryFrom for HexBytes { + type Error = String; + + fn try_from(s: String) -> Result { + hex::decode(s) + .map(Self) + .map_err(|e| format!("Invalid hex: {}", e)) + } +} diff --git a/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs new file mode 100644 index 00000000000..79c6e2a243a --- /dev/null +++ b/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs @@ -0,0 +1,105 @@ +//! Defines the JSON representation of the "kdf" module. +//! +//! This file **MUST NOT** contain any logic beyond what is required to serialize/deserialize the +//! data structures. Specifically, there should not be any actual crypto logic in this file. + +use super::hex_bytes::HexBytes; +use crypto::sha2::Sha256; +use crypto::{hmac::Hmac, mac::Mac}; +use serde::{Deserialize, Serialize}; +use std::convert::TryFrom; + +/// KDF module representation. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct KdfModule { + pub function: KdfFunction, + pub params: Kdf, + pub message: HexBytes, +} + +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(untagged, deny_unknown_fields)] +pub enum Kdf { + Scrypt(Scrypt), + Pbkdf2(Pbkdf2), +} + +impl Kdf { + pub fn function(&self) -> KdfFunction { + match &self { + Kdf::Pbkdf2(_) => KdfFunction::Pbkdf2, + Kdf::Scrypt(_) => KdfFunction::Scrypt, + } + } +} + +/// PRF for use in `pbkdf2`. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub enum Prf { + #[serde(rename = "hmac-sha256")] + HmacSha256, +} + +impl Prf { + pub fn mac(&self, password: &[u8]) -> impl Mac { + match &self { + _hmac_sha256 => Hmac::new(Sha256::new(), password), + } + } +} + +impl Default for Prf { + fn default() -> Self { + Prf::HmacSha256 + } +} + +/// Parameters for `pbkdf2` key derivation. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] +pub struct Pbkdf2 { + pub c: u32, + pub dklen: u32, + pub prf: Prf, + pub salt: HexBytes, +} + +/// Used for ensuring that serde only decodes valid KDF functions. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub enum KdfFunction { + Scrypt, + Pbkdf2, +} + +impl Into for KdfFunction { + fn into(self) -> String { + match self { + KdfFunction::Scrypt => "scrypt".into(), + KdfFunction::Pbkdf2 => "pbkdf2".into(), + } + } +} + +impl TryFrom for KdfFunction { + type Error = String; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "scrypt" => Ok(KdfFunction::Scrypt), + "pbkdf2" => Ok(KdfFunction::Pbkdf2), + other => Err(format!("Unsupported kdf function: {}", other)), + } + } +} + +/// Parameters for `scrypt` key derivation. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] +pub struct Scrypt { + pub dklen: u32, + pub n: u32, + pub r: u32, + pub p: u32, + pub salt: HexBytes, +} diff --git a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs new file mode 100644 index 00000000000..01e0844744a --- /dev/null +++ b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs @@ -0,0 +1,44 @@ +mod checksum_module; +mod cipher_module; +mod hex_bytes; +mod kdf_module; + +pub use checksum_module::{ChecksumModule, EmptyMap, Sha256Checksum}; +pub use cipher_module::{Aes128Ctr, Cipher, CipherModule}; +pub use hex_bytes::HexBytes; +pub use kdf_module::{Kdf, KdfModule, Pbkdf2, Prf}; +pub use uuid::Uuid; + +use serde::{Deserialize, Serialize}; +use serde_repr::*; + +/// JSON representation of [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335) keystore. +#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +pub struct JsonKeystore { + pub crypto: Crypto, + pub uuid: Uuid, + pub path: String, + pub pubkey: String, + pub version: Version, +} + +/// Version for `JsonKeystore`. +#[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] +#[repr(u8)] +pub enum Version { + V4 = 4, +} + +impl Version { + pub fn four() -> Self { + Version::V4 + } +} + +/// Crypto module for keystore. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +pub struct Crypto { + pub kdf: KdfModule, + pub checksum: ChecksumModule, + pub cipher: CipherModule, +} diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index e5decbe3132..e1ff41ff248 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -1,35 +1,33 @@ -mod checksum; -mod cipher; -mod crypto; -mod kdf; - -use crate::cipher::Cipher; -use crate::crypto::Crypto; -use crate::kdf::Kdf; +mod derived_key; +mod json_keystore; +mod password; +mod plain_text; + use bls::{Keypair, PublicKey, SecretKey}; +use crypto::{digest::Digest, sha2::Sha256}; +use derived_key::DerivedKey; use hex::FromHexError; +use json_keystore::{ + Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, + KdfModule, Pbkdf2, Prf, Sha256Checksum, Version, +}; +use password::Password; +use plain_text::PlainText; +use rand::prelude::*; use serde::{Deserialize, Serialize}; -use serde_repr::*; use ssz::DecodeError; use uuid::Uuid; -pub use crate::crypto::Password; - /// The byte-length of a BLS secret key. const SECRET_KEY_LEN: usize = 32; - -/// Version for `Keystore`. -#[derive(Debug, Clone, PartialEq, Serialize_repr, Deserialize_repr)] -#[repr(u8)] -pub enum Version { - V4 = 4, -} - -impl Default for Version { - fn default() -> Self { - Version::V4 - } -} +/// The default byte length of the salt used to seed the KDF. +const SALT_SIZE: usize = 32; +/// The length of the derived key. +const DKLEN: u32 = 32; +// TODO: comment +const IV_SIZE: usize = 16; +// TODO: comment +const HASH_SIZE: usize = 32; #[derive(Debug, PartialEq)] pub enum Error { @@ -41,6 +39,7 @@ pub enum Error { EmptyPassword, UnableToSerialize, InvalidJson(String), + IncorrectIvSize { expected: usize, len: usize }, } /// Constructs a `Keystore`. @@ -62,19 +61,27 @@ impl<'a> KeystoreBuilder<'a> { if password.as_str() == "" { Err(Error::EmptyPassword) } else { + let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); + let iv = rand::thread_rng().gen::<[u8; IV_SIZE]>().to_vec().into(); + Ok(Self { keypair, password, - kdf: <_>::default(), - cipher: <_>::default(), + kdf: Kdf::Pbkdf2(Pbkdf2 { + dklen: DKLEN, + c: 262144, + prf: Prf::default(), + salt: salt.to_vec().into(), + }), + cipher: Cipher::Aes128Ctr(Aes128Ctr { iv }), uuid: Uuid::new_v4(), }) } } /// Consumes `self`, returning a `Keystore`. - pub fn build(self) -> Keystore { - Keystore::new( + pub fn build(self) -> Result { + Keystore::encrypt( self.keypair, self.password, self.kdf, @@ -89,29 +96,73 @@ impl<'a> KeystoreBuilder<'a> { /// Use `KeystoreBuilder` to create a new keystore. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] pub struct Keystore { - crypto: Crypto, - uuid: Uuid, - path: String, - pubkey: String, - version: Version, + json: JsonKeystore, } impl Keystore { /// Generate `Keystore` object for a BLS12-381 secret key from a /// keypair and password. - fn new(keypair: &Keypair, password: Password, kdf: Kdf, cipher: Cipher, uuid: Uuid) -> Self { - let crypto = Crypto::encrypt(password, &keypair.sk.as_raw().as_bytes(), kdf, cipher); - - Keystore { - crypto, - uuid, - // TODO: Implement `path` according to - // https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md - // For now, `path` is set to en empty string. - path: String::new(), - pubkey: keypair.pk.as_hex_string()[2..].to_string(), - version: Version::default(), - } + fn encrypt( + keypair: &Keypair, + password: Password, + kdf: Kdf, + cipher: Cipher, + uuid: Uuid, + ) -> Result { + // Generate derived key + let derived_key = derive_key(&password, &kdf); + + // TODO: the keypair secret isn't zeroized. + let secret = keypair.sk.as_raw().as_bytes(); + + // Encrypt secret + let cipher_message: Vec = match &cipher { + Cipher::Aes128Ctr(params) => { + // TODO: sanity checks + // TODO: check IV size + // cipher.encrypt(derived_key.aes_key(), &keypair.sk.as_raw().as_bytes()) + let mut cipher_text = vec![0; secret.len()]; + + crypto::aes::ctr( + crypto::aes::KeySize::KeySize128, + derived_key.aes_key(), + &get_iv(params.iv.as_bytes())?, + ) + .process(&secret, &mut cipher_text); + cipher_text + } + }; + + let crypto = Crypto { + kdf: KdfModule { + function: kdf.function(), + params: kdf.clone(), + message: HexBytes::empty(), + }, + checksum: ChecksumModule { + function: Sha256Checksum::function(), + params: EmptyMap, + message: generate_checksum(&derived_key, &cipher_message), + }, + cipher: CipherModule { + function: cipher.function(), + params: cipher.clone(), + message: cipher_message.into(), + }, + }; + + Ok(Keystore { + json: JsonKeystore { + crypto, + uuid, + // TODO: Implement `path` according to + // https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md + // For now, `path` is set to en empty string. + path: String::new(), + pubkey: keypair.pk.as_hex_string()[2..].to_string(), + version: Version::four(), + }, + }) } /// Regenerate a BLS12-381 `Keypair` from `self` and the correct password. @@ -121,8 +172,31 @@ impl Keystore { /// - The provided password is incorrect. /// - The keystore is badly formed. pub fn decrypt_keypair(&self, password: Password) -> Result { - // Decrypt cipher-text into plain-text. - let sk_bytes = self.crypto.decrypt(password)?; + let cipher_message = &self.json.crypto.cipher.message; + + // Generate derived key + let derived_key = derive_key(&password, &self.json.crypto.kdf.params); + + // Mismatching checksum indicates an invalid password. + if generate_checksum(&derived_key, cipher_message.as_bytes()) + != self.json.crypto.checksum.message + { + return Err(Error::InvalidPassword); + } + + let sk_bytes = match &self.json.crypto.cipher.params { + Cipher::Aes128Ctr(params) => { + // cipher.decrypt(&derived_key.aes_key(), &cipher_message) + let mut pt = PlainText::zero(cipher_message.len()); + crypto::aes::ctr( + crypto::aes::KeySize::KeySize128, + derived_key.aes_key(), + &get_iv(¶ms.iv.as_bytes())?, + ) + .process(cipher_message.as_bytes(), pt.as_mut_bytes()); + pt + } + }; // Verify that secret key material is correct length. if sk_bytes.len() != SECRET_KEY_LEN { @@ -140,7 +214,7 @@ impl Keystore { let pk = PublicKey::from_secret_key(&sk); // Verify that the derived `PublicKey` matches `self`. - if pk.as_hex_string()[2..].to_string() != self.pubkey { + if pk.as_hex_string()[2..].to_string() != self.json.pubkey { return Err(Error::PublicKeyMismatch); } @@ -149,7 +223,7 @@ impl Keystore { /// Returns the UUID for the keystore. pub fn uuid(&self) -> &Uuid { - &self.uuid + &self.json.uuid } /// Returns `self` encoded as a JSON object. @@ -163,6 +237,71 @@ impl Keystore { } } +fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexBytes { + let mut hasher = Sha256::new(); + hasher.input(derived_key.checksum_slice()); + hasher.input(cipher_message); + + let mut digest = vec![0; HASH_SIZE]; + hasher.result(&mut digest); + + digest.into() +} + +fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { + // Generate derived key + match &kdf { + Kdf::Pbkdf2(params) => { + let mut dk = DerivedKey::zero(); + let mut mac = params.prf.mac(password.as_bytes()); + crypto::pbkdf2::pbkdf2( + &mut mac, + params.salt.as_bytes(), + params.c, + dk.as_mut_bytes(), + ); + dk + } + Kdf::Scrypt(params) => { + let mut dk = DerivedKey::zero(); + + // Assert that `n` is power of 2 + debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); + + crypto::scrypt::scrypt( + password.as_bytes(), + params.salt.as_bytes(), + &crypto::scrypt::ScryptParams::new(log2_int(params.n) as u8, params.r, params.p), + dk.as_mut_bytes(), + ); + dk + } + } +} + +// TODO: what says IV _must_ be 4 bytes? +fn get_iv(bytes: &[u8]) -> Result<[u8; IV_SIZE], Error> { + if bytes.len() == IV_SIZE { + let mut iv = [0; IV_SIZE]; + iv.copy_from_slice(bytes); + Ok(iv) + } else { + Err(Error::IncorrectIvSize { + expected: IV_SIZE, + len: bytes.len(), + }) + } +} + +/// Compute floor of log2 of a u32. +fn log2_int(x: u32) -> u32 { + if x == 0 { + return 0; + } + 31 - x.leading_zeros() +} + +/* #[cfg(test)] mod tests { use super::*; @@ -837,3 +976,4 @@ mod tests { } } } +*/ diff --git a/eth2/utils/eth2_keystore/src/password.rs b/eth2/utils/eth2_keystore/src/password.rs new file mode 100644 index 00000000000..5624f416f9c --- /dev/null +++ b/eth2/utils/eth2_keystore/src/password.rs @@ -0,0 +1,28 @@ +use zeroize::Zeroize; + +#[derive(Zeroize, Clone, PartialEq)] +#[zeroize(drop)] +pub struct Password(String); + +impl Password { + pub fn as_str(&self) -> &str { + self.0.as_str() + } + + pub fn as_bytes(&self) -> &[u8] { + self.0.as_str().as_bytes() + } +} + +impl From for Password { + fn from(s: String) -> Password { + Password(s) + } +} + +#[cfg(test)] +impl<'a> From<&'a str> for Password { + fn from(s: &'a str) -> Password { + Password::from(String::from(s)) + } +} diff --git a/eth2/utils/eth2_keystore/src/plain_text.rs b/eth2/utils/eth2_keystore/src/plain_text.rs new file mode 100644 index 00000000000..7d8a7c377fe --- /dev/null +++ b/eth2/utils/eth2_keystore/src/plain_text.rs @@ -0,0 +1,28 @@ +use zeroize::Zeroize; + +/// Provides wrapper around `Vec` that implements zeroize. +#[derive(Zeroize, Clone, PartialEq)] +#[zeroize(drop)] +pub struct PlainText(Vec); + +impl PlainText { + /// Instantiate self with `len` zeros. + pub fn zero(len: usize) -> Self { + Self(vec![0; len]) + } + + /// The byte-length of `self` + pub fn len(&self) -> usize { + self.0.len() + } + + /// Returns a reference to the underlying bytes. + pub fn as_bytes(&self) -> &[u8] { + &self.0 + } + + /// Returns a mutable reference to the underlying bytes. + pub fn as_mut_bytes(&mut self) -> &mut [u8] { + &mut self.0 + } +} From 0358ce3e6720e041034d32ec5538fba4ec072f18 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 14:54:30 +1000 Subject: [PATCH 37/63] Remove old code --- eth2/utils/eth2_keystore/src/checksum.rs | 78 -- eth2/utils/eth2_keystore/src/cipher.rs | 157 ---- eth2/utils/eth2_keystore/src/crypto.rs | 192 ----- eth2/utils/eth2_keystore/src/kdf.rs | 235 ------ eth2/utils/eth2_keystore/src/lib.rs | 741 +----------------- eth2/utils/eth2_keystore/src/password.rs | 1 - eth2/utils/eth2_keystore/src/plain_text.rs | 6 + .../eth2_keystore/tests/eip2335_vectors.rs | 86 ++ eth2/utils/eth2_keystore/tests/json.rs | 551 +++++++++++++ eth2/utils/eth2_keystore/tests/tests.rs | 47 ++ 10 files changed, 722 insertions(+), 1372 deletions(-) delete mode 100644 eth2/utils/eth2_keystore/src/checksum.rs delete mode 100644 eth2/utils/eth2_keystore/src/cipher.rs delete mode 100644 eth2/utils/eth2_keystore/src/crypto.rs delete mode 100644 eth2/utils/eth2_keystore/src/kdf.rs create mode 100644 eth2/utils/eth2_keystore/tests/eip2335_vectors.rs create mode 100644 eth2/utils/eth2_keystore/tests/json.rs create mode 100644 eth2/utils/eth2_keystore/tests/tests.rs diff --git a/eth2/utils/eth2_keystore/src/checksum.rs b/eth2/utils/eth2_keystore/src/checksum.rs deleted file mode 100644 index ccd6a5403c7..00000000000 --- a/eth2/utils/eth2_keystore/src/checksum.rs +++ /dev/null @@ -1,78 +0,0 @@ -use crate::kdf::DerivedKey; -use crypto::digest::Digest; -use crypto::sha2::Sha256; -use serde::{Deserialize, Serialize}; -use serde_json::{Map, Value}; -use std::convert::TryFrom; - -/// Used for ensuring that serde only decodes valid checksum functions. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(try_from = "String", into = "String")] -pub enum ChecksumFunction { - Sha256, -} - -impl Into for ChecksumFunction { - fn into(self) -> String { - match self { - ChecksumFunction::Sha256 => "sha256".into(), - } - } -} - -impl TryFrom for ChecksumFunction { - type Error = String; - - fn try_from(s: String) -> Result { - match s.as_ref() { - "sha256" => Ok(ChecksumFunction::Sha256), - other => Err(format!("Unsupported checksum function: {}", other)), - } - } -} - -/// Used for ensuring serde only decode an empty map -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(try_from = "Value", into = "Value")] -pub struct EmptyMap; - -impl Into for EmptyMap { - fn into(self) -> Value { - Value::Object(Map::default()) - } -} - -impl TryFrom for EmptyMap { - type Error = &'static str; - - fn try_from(v: Value) -> Result { - match v { - Value::Object(map) if map.is_empty() => Ok(Self), - _ => Err("Checksum params must be an empty map"), - } - } -} - -/// Checksum module for `Keystore`. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct ChecksumModule { - pub function: ChecksumFunction, - pub params: EmptyMap, - pub message: String, -} - -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct Sha256Checksum(String); - -impl Sha256Checksum { - pub fn generate(derived_key: &DerivedKey, cipher_message: &[u8]) -> String { - let mut hasher = Sha256::new(); - hasher.input(derived_key.checksum_slice()); - hasher.input(cipher_message); - hasher.result_str() - } - - pub fn function() -> ChecksumFunction { - ChecksumFunction::Sha256 - } -} diff --git a/eth2/utils/eth2_keystore/src/cipher.rs b/eth2/utils/eth2_keystore/src/cipher.rs deleted file mode 100644 index 2e80e6f7e1c..00000000000 --- a/eth2/utils/eth2_keystore/src/cipher.rs +++ /dev/null @@ -1,157 +0,0 @@ -use crypto::aes::{ctr, KeySize}; -use rand::prelude::*; -use serde::{de, Deserialize, Serialize, Serializer}; -use std::convert::TryFrom; -use std::default::Default; -use zeroize::Zeroize; - -const IV_SIZE: usize = 16; - -/// Provides wrapper around `Vec` that implements zeroize. -#[derive(Zeroize, Clone, PartialEq)] -#[zeroize(drop)] -pub struct PlainText(Vec); - -impl PlainText { - /// Instantiate self with `len` zeros. - pub fn zero(len: usize) -> Self { - Self(vec![0; len]) - } - - /// The byte-length of `self` - pub fn len(&self) -> usize { - self.0.len() - } - - /// Returns a reference to the underlying bytes. - pub fn as_bytes(&self) -> &[u8] { - &self.0 - } - - /// Returns a mutable reference to the underlying bytes. - pub fn as_mut_bytes(&mut self) -> &mut [u8] { - &mut self.0 - } -} - -/// Convert slice to fixed length array. -/// Returns `None` if slice has len > `IV_SIZE` -fn from_slice(bytes: &[u8]) -> Option<[u8; IV_SIZE]> { - if bytes.len() != 16 { - return None; - } - let mut array = [0; IV_SIZE]; - let bytes = &bytes[..array.len()]; - array.copy_from_slice(bytes); - Some(array) -} - -/// Used for ensuring that serde only decodes valid cipher functions. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(try_from = "String", into = "String")] -pub enum CipherFunction { - Aes128Ctr, -} - -impl Into for CipherFunction { - fn into(self) -> String { - match self { - CipherFunction::Aes128Ctr => "aes-128-ctr".into(), - } - } -} - -impl TryFrom for CipherFunction { - type Error = String; - - fn try_from(s: String) -> Result { - match s.as_ref() { - "aes-128-ctr" => Ok(CipherFunction::Aes128Ctr), - other => Err(format!("Unsupported cipher function: {}", other)), - } - } -} - -/// Cipher module representation. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct CipherModule { - pub function: CipherFunction, - pub params: Cipher, - pub message: String, -} - -/// Parameters for AES128 with ctr mode. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct Aes128Ctr { - #[serde(serialize_with = "serialize_iv")] - #[serde(deserialize_with = "deserialize_iv")] - pub iv: [u8; 16], -} - -impl Aes128Ctr { - pub fn encrypt(&self, key: &[u8], pt: &[u8]) -> Vec { - // TODO: sanity checks - let mut ct = vec![0; pt.len()]; - ctr(KeySize::KeySize128, key, &self.iv).process(pt, &mut ct); - ct - } - - pub fn decrypt(&self, key: &[u8], ct: &[u8]) -> PlainText { - // TODO: sanity checks - let mut pt = PlainText::zero(ct.len()); - ctr(KeySize::KeySize128, key, &self.iv).process(ct, &mut pt.as_mut_bytes()); - pt - } -} - -/// Serialize `iv` to its hex representation. -fn serialize_iv(x: &[u8], s: S) -> Result -where - S: Serializer, -{ - s.serialize_str(&hex::encode(x)) -} - -/// Deserialize `iv` from its hex representation to bytes. -fn deserialize_iv<'de, D>(deserializer: D) -> Result<[u8; 16], D::Error> -where - D: de::Deserializer<'de>, -{ - struct StringVisitor; - impl<'de> de::Visitor<'de> for StringVisitor { - type Value = [u8; IV_SIZE]; - fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { - formatter.write_str("String should be hex format and 16 bytes in length") - } - fn visit_str(self, v: &str) -> Result - where - E: de::Error, - { - let bytes = hex::decode(v).map_err(E::custom)?; - from_slice(&bytes).ok_or_else(|| E::custom(format!("IV should have length 16 bytes"))) - } - } - deserializer.deserialize_any(StringVisitor) -} - -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(untagged, deny_unknown_fields)] -pub enum Cipher { - Aes128Ctr(Aes128Ctr), -} - -impl Default for Cipher { - fn default() -> Self { - let iv = rand::thread_rng().gen::<[u8; IV_SIZE]>(); - Cipher::Aes128Ctr(Aes128Ctr { iv }) - } -} - -impl Cipher { - pub fn function(&self) -> CipherFunction { - match &self { - Cipher::Aes128Ctr(_) => CipherFunction::Aes128Ctr, - } - } -} diff --git a/eth2/utils/eth2_keystore/src/crypto.rs b/eth2/utils/eth2_keystore/src/crypto.rs deleted file mode 100644 index 4c1dfa15b90..00000000000 --- a/eth2/utils/eth2_keystore/src/crypto.rs +++ /dev/null @@ -1,192 +0,0 @@ -use crate::checksum::{ChecksumModule, EmptyMap, Sha256Checksum}; -use crate::cipher::{Cipher, CipherModule, PlainText}; -use crate::kdf::{Kdf, KdfModule}; -use crate::Error; -use serde::{Deserialize, Serialize}; -use std::fmt; -use zeroize::Zeroize; - -#[derive(Zeroize, Clone, PartialEq)] -#[zeroize(drop)] -pub struct Password(String); - -impl fmt::Display for Password { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "******") - } -} - -impl Password { - pub fn as_str(&self) -> &str { - self.0.as_str() - } -} - -impl From for Password { - fn from(s: String) -> Password { - Password(s) - } -} - -#[cfg(test)] -impl<'a> From<&'a str> for Password { - fn from(s: &'a str) -> Password { - Password::from(String::from(s)) - } -} - -/// Crypto module for keystore. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct Crypto { - pub kdf: KdfModule, - pub checksum: ChecksumModule, - pub cipher: CipherModule, -} - -impl Crypto { - /// Generate crypto module for `Keystore` given the password, - /// secret to encrypt, kdf params and cipher params. - pub fn encrypt(password: Password, secret: &[u8], kdf: Kdf, cipher: Cipher) -> Self { - // Generate derived key - let derived_key = match &kdf { - Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(password.as_str()), - Kdf::Scrypt(scrypt) => scrypt.derive_key(password.as_str()), - }; - // Encrypt secret - let cipher_message: Vec = match &cipher { - Cipher::Aes128Ctr(cipher) => cipher.encrypt(derived_key.aes_key(), secret), - }; - - Crypto { - kdf: KdfModule { - function: kdf.function(), - params: kdf.clone(), - message: "".to_string(), - }, - checksum: ChecksumModule { - function: Sha256Checksum::function(), - params: EmptyMap, - message: Sha256Checksum::generate(&derived_key, &cipher_message), - }, - cipher: CipherModule { - function: cipher.function(), - params: cipher.clone(), - message: hex::encode(cipher_message), - }, - } - } - - /// Recover the secret present in the Keystore given the correct password. - /// - /// An error will be returned if `cipher.message` is not in hex format or - /// if password is incorrect. - pub fn decrypt(&self, password: Password) -> Result { - let cipher_message = - hex::decode(self.cipher.message.clone()).map_err(Error::InvalidCipherMessageHex)?; - - // Generate derived key - let derived_key = match &self.kdf.params { - Kdf::Pbkdf2(pbkdf2) => pbkdf2.derive_key(password.as_str()), - Kdf::Scrypt(scrypt) => scrypt.derive_key(password.as_str()), - }; - - // Mismatching `password` indicates an invalid password. - if Sha256Checksum::generate(&derived_key, &cipher_message) != self.checksum.message { - return Err(Error::InvalidPassword); - } - - let secret = match &self.cipher.params { - Cipher::Aes128Ctr(cipher) => cipher.decrypt(&derived_key.aes_key(), &cipher_message), - }; - - Ok(secret) - } -} - -// Test cases taken from https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases -#[cfg(test)] -mod tests { - use super::*; - use crate::cipher::{Aes128Ctr, Cipher}; - use crate::kdf::{Kdf, Pbkdf2, Prf, Scrypt}; - - fn from_slice(bytes: &[u8]) -> [u8; 16] { - let mut array = [0; 16]; - let bytes = &bytes[..array.len()]; // panics if not enough data - array.copy_from_slice(bytes); - array - } - - #[test] - fn test_pbkdf2() { - let secret = - hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f") - .unwrap(); - let expected_checksum = "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8"; - let expected_cipher = "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48"; - let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") - .unwrap(); - let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); - let password: Password = "testpassword".into(); - - let kdf = Kdf::Pbkdf2(Pbkdf2 { - dklen: 32, - c: 262144, - prf: Prf::HmacSha256, - salt, - }); - - let cipher = Cipher::Aes128Ctr(Aes128Ctr { - iv: from_slice(&iv), - }); - - let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); - - assert_eq!(expected_checksum, keystore.checksum.message); - assert_eq!(expected_cipher, keystore.cipher.message); - - let json = serde_json::to_string(&keystore).unwrap(); - - let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); - let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - - assert_eq!(secret, recovered_secret.as_bytes()); - } - - #[test] - fn test_scrypt() { - let secret = - hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f") - .unwrap(); - let expected_checksum = "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb"; - let expected_cipher = "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30"; - let salt = hex::decode("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3") - .unwrap(); - let iv = hex::decode("264daa3f303d7259501c93d997d84fe6").unwrap(); - let password: Password = "testpassword".into(); - - let kdf = Kdf::Scrypt(Scrypt { - dklen: 32, - n: 262144, - r: 8, - p: 1, - salt, - }); - - let cipher = Cipher::Aes128Ctr(Aes128Ctr { - iv: from_slice(&iv), - }); - - let keystore = Crypto::encrypt(password.clone(), &secret, kdf, cipher); - - assert_eq!(expected_checksum, keystore.checksum.message); - assert_eq!(expected_cipher, keystore.cipher.message); - - let json = serde_json::to_string(&keystore).unwrap(); - - let recovered_keystore: Crypto = serde_json::from_str(&json).unwrap(); - let recovered_secret = recovered_keystore.decrypt(password).unwrap(); - - assert_eq!(secret, recovered_secret.as_bytes()); - } -} diff --git a/eth2/utils/eth2_keystore/src/kdf.rs b/eth2/utils/eth2_keystore/src/kdf.rs deleted file mode 100644 index e4d8a7106f7..00000000000 --- a/eth2/utils/eth2_keystore/src/kdf.rs +++ /dev/null @@ -1,235 +0,0 @@ -use crypto::sha2::Sha256; -use crypto::{hmac::Hmac, mac::Mac, pbkdf2, scrypt}; -use rand::prelude::*; -use serde::{de, Deserialize, Serialize, Serializer}; -use std::convert::TryFrom; -use std::default::Default; -use zeroize::Zeroize; - -// TODO: verify size of salt -const SALT_SIZE: usize = 32; -const DECRYPTION_KEY_SIZE: usize = 32; -const DKLEN: u32 = 32; - -#[derive(Zeroize)] -#[zeroize(drop)] -pub struct DerivedKey([u8; DECRYPTION_KEY_SIZE]); - -impl DerivedKey { - /// Instantiates `Self` with a all-zeros byte array. - fn zero() -> Self { - Self([0; DECRYPTION_KEY_SIZE]) - } - - /// Returns a mutable reference to the underlying byte array. - fn as_mut_bytes(&mut self) -> &mut [u8] { - &mut self.0 - } - - /// Returns the `DK_slice` bytes used for checksum comparison. - /// - /// ## Reference - /// - /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#procedure - pub fn checksum_slice(&self) -> &[u8] { - &self.0[16..32] - } - - /// Returns the aes-128-ctr key. - /// - /// Only the first 16 bytes of the decryption_key are used as the AES key. - /// - /// ## Reference - /// - /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#secret-decryption - pub fn aes_key(&self) -> &[u8] { - &self.0[0..16] - } -} - -/// Parameters for `pbkdf2` key derivation. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct Pbkdf2 { - pub c: u32, - pub dklen: u32, - pub prf: Prf, - #[serde(serialize_with = "serialize_salt")] - #[serde(deserialize_with = "deserialize_salt")] - pub salt: Vec, -} -impl Default for Pbkdf2 { - fn default() -> Self { - let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); - Pbkdf2 { - dklen: DKLEN, - c: 262144, - prf: Prf::default(), - salt: salt.to_vec(), - } - } -} - -impl Pbkdf2 { - /// Derive key from password. - pub fn derive_key(&self, password: &str) -> DerivedKey { - let mut dk = DerivedKey::zero(); - let mut mac = self.prf.mac(password.as_bytes()); - pbkdf2::pbkdf2(&mut mac, &self.salt, self.c, dk.as_mut_bytes()); - dk - } -} - -/// Parameters for `scrypt` key derivation. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(deny_unknown_fields)] -pub struct Scrypt { - pub dklen: u32, - pub n: u32, - pub r: u32, - pub p: u32, - #[serde(serialize_with = "serialize_salt")] - #[serde(deserialize_with = "deserialize_salt")] - pub salt: Vec, -} - -/// Compute floor of log2 of a u32. -fn log2_int(x: u32) -> u32 { - if x == 0 { - return 0; - } - 31 - x.leading_zeros() -} - -impl Scrypt { - pub fn derive_key(&self, password: &str) -> DerivedKey { - let mut dk = DerivedKey::zero(); - // Assert that `n` is power of 2 - debug_assert_eq!(self.n, 2u32.pow(log2_int(self.n))); - let params = scrypt::ScryptParams::new(log2_int(self.n) as u8, self.r, self.p); - scrypt::scrypt(password.as_bytes(), &self.salt, ¶ms, &mut dk.0); - dk - } -} - -impl Default for Scrypt { - fn default() -> Self { - let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); - Scrypt { - dklen: DKLEN, - n: 262144, - r: 8, - p: 1, - salt: salt.to_vec(), - } - } -} - -/// Serialize `salt` to its hex representation. -fn serialize_salt(x: &Vec, s: S) -> Result -where - S: Serializer, -{ - s.serialize_str(&hex::encode(x)) -} - -/// Deserialize `salt` from its hex representation to bytes. -fn deserialize_salt<'de, D>(deserializer: D) -> Result, D::Error> -where - D: de::Deserializer<'de>, -{ - struct StringVisitor; - impl<'de> de::Visitor<'de> for StringVisitor { - type Value = Vec; - fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result { - formatter.write_str("String should be hex format") - } - fn visit_str(self, v: &str) -> Result - where - E: de::Error, - { - hex::decode(v).map_err(E::custom) - } - } - deserializer.deserialize_any(StringVisitor) -} - -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(untagged)] -pub enum Kdf { - Scrypt(Scrypt), - Pbkdf2(Pbkdf2), -} - -impl Default for Kdf { - fn default() -> Self { - Kdf::Pbkdf2(Pbkdf2::default()) - } -} - -impl Kdf { - pub fn function(&self) -> KdfFunction { - match &self { - Kdf::Pbkdf2(_) => KdfFunction::Pbkdf2, - Kdf::Scrypt(_) => KdfFunction::Scrypt, - } - } -} - -/// Used for ensuring that serde only decodes valid KDF functions. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -#[serde(try_from = "String", into = "String")] -pub enum KdfFunction { - Scrypt, - Pbkdf2, -} - -impl Into for KdfFunction { - fn into(self) -> String { - match self { - KdfFunction::Scrypt => "scrypt".into(), - KdfFunction::Pbkdf2 => "pbkdf2".into(), - } - } -} - -impl TryFrom for KdfFunction { - type Error = String; - - fn try_from(s: String) -> Result { - match s.as_ref() { - "scrypt" => Ok(KdfFunction::Scrypt), - "pbkdf2" => Ok(KdfFunction::Pbkdf2), - other => Err(format!("Unsupported kdf function: {}", other)), - } - } -} - -/// KDF module representation. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub struct KdfModule { - pub function: KdfFunction, - pub params: Kdf, - pub message: String, -} - -/// PRF for use in `pbkdf2`. -#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] -pub enum Prf { - #[serde(rename = "hmac-sha256")] - HmacSha256, -} - -impl Prf { - pub fn mac(&self, password: &[u8]) -> impl Mac { - match &self { - _hmac_sha256 => Hmac::new(Sha256::new(), password), - } - } -} - -impl Default for Prf { - fn default() -> Self { - Prf::HmacSha256 - } -} diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index e1ff41ff248..67200e72e29 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -3,6 +3,9 @@ mod json_keystore; mod password; mod plain_text; +pub use password::Password; +pub use uuid::Uuid; + use bls::{Keypair, PublicKey, SecretKey}; use crypto::{digest::Digest, sha2::Sha256}; use derived_key::DerivedKey; @@ -11,12 +14,10 @@ use json_keystore::{ Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, KdfModule, Pbkdf2, Prf, Sha256Checksum, Version, }; -use password::Password; use plain_text::PlainText; use rand::prelude::*; use serde::{Deserialize, Serialize}; use ssz::DecodeError; -use uuid::Uuid; /// The byte-length of a BLS secret key. const SECRET_KEY_LEN: usize = 32; @@ -95,6 +96,7 @@ impl<'a> KeystoreBuilder<'a> { /// /// Use `KeystoreBuilder` to create a new keystore. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +#[serde(transparent)] pub struct Keystore { json: JsonKeystore, } @@ -112,15 +114,13 @@ impl Keystore { // Generate derived key let derived_key = derive_key(&password, &kdf); - // TODO: the keypair secret isn't zeroized. - let secret = keypair.sk.as_raw().as_bytes(); + let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); - // Encrypt secret + // Encrypt secret. let cipher_message: Vec = match &cipher { Cipher::Aes128Ctr(params) => { // TODO: sanity checks // TODO: check IV size - // cipher.encrypt(derived_key.aes_key(), &keypair.sk.as_raw().as_bytes()) let mut cipher_text = vec![0; secret.len()]; crypto::aes::ctr( @@ -128,32 +128,30 @@ impl Keystore { derived_key.aes_key(), &get_iv(params.iv.as_bytes())?, ) - .process(&secret, &mut cipher_text); + .process(secret.as_bytes(), &mut cipher_text); cipher_text } }; - let crypto = Crypto { - kdf: KdfModule { - function: kdf.function(), - params: kdf.clone(), - message: HexBytes::empty(), - }, - checksum: ChecksumModule { - function: Sha256Checksum::function(), - params: EmptyMap, - message: generate_checksum(&derived_key, &cipher_message), - }, - cipher: CipherModule { - function: cipher.function(), - params: cipher.clone(), - message: cipher_message.into(), - }, - }; - Ok(Keystore { json: JsonKeystore { - crypto, + crypto: Crypto { + kdf: KdfModule { + function: kdf.function(), + params: kdf.clone(), + message: HexBytes::empty(), + }, + checksum: ChecksumModule { + function: Sha256Checksum::function(), + params: EmptyMap, + message: generate_checksum(&derived_key, &cipher_message), + }, + cipher: CipherModule { + function: cipher.function(), + params: cipher.clone(), + message: cipher_message.into(), + }, + }, uuid, // TODO: Implement `path` according to // https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md @@ -237,6 +235,8 @@ impl Keystore { } } +/// Generates a checksum to indicate that the `derived_key` is associated with the +/// `cipher_message`. fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexBytes { let mut hasher = Sha256::new(); hasher.input(derived_key.checksum_slice()); @@ -248,23 +248,22 @@ fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexByte digest.into() } +/// Derive a private key from the given `password` using the given `kdf` (key derivation function). fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { - // Generate derived key + let mut dk = DerivedKey::zero(); + match &kdf { Kdf::Pbkdf2(params) => { - let mut dk = DerivedKey::zero(); let mut mac = params.prf.mac(password.as_bytes()); + crypto::pbkdf2::pbkdf2( &mut mac, params.salt.as_bytes(), params.c, dk.as_mut_bytes(), ); - dk } Kdf::Scrypt(params) => { - let mut dk = DerivedKey::zero(); - // Assert that `n` is power of 2 debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); @@ -274,9 +273,10 @@ fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { &crypto::scrypt::ScryptParams::new(log2_int(params.n) as u8, params.r, params.p), dk.as_mut_bytes(), ); - dk } } + + dk } // TODO: what says IV _must_ be 4 bytes? @@ -300,680 +300,3 @@ fn log2_int(x: u32) -> u32 { } 31 - x.leading_zeros() } - -/* -#[cfg(test)] -mod tests { - use super::*; - - fn password() -> Password { - "ilikecats".to_string().into() - } - - fn bad_password() -> Password { - "idontlikecats".to_string().into() - } - - #[test] - fn empty_password() { - assert_eq!( - KeystoreBuilder::new(&Keypair::random(), "".into()) - .err() - .unwrap(), - Error::EmptyPassword - ); - } - - #[test] - fn string_round_trip() { - let keypair = Keypair::random(); - - let keystore = KeystoreBuilder::new(&keypair, password()).unwrap().build(); - - let json = keystore.to_json_string().unwrap(); - let decoded = Keystore::from_json_str(&json).unwrap(); - - assert_eq!( - decoded.decrypt_keypair(bad_password()).err().unwrap(), - Error::InvalidPassword, - "should not decrypt with bad password" - ); - - assert_eq!( - decoded.decrypt_keypair(password()).unwrap(), - keypair, - "should decrypt with good password" - ); - } - - // Test cases taken from: - // - // https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases - #[test] - fn eip_2335_test_vectors() { - let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; - let password: Password = "testpassword".into(); - let scrypt_test_vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - let pbkdf2_test_vector = r#" - { - "crypto": { - "kdf": { - "function": "pbkdf2", - "params": { - "dklen": 32, - "c": 262144, - "prf": "hmac-sha256", - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "path": "m/12381/60/0/0", - "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", - "version": 4 - } - "#; - let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; - for test in test_vectors { - let keystore: Keystore = serde_json::from_str(test).unwrap(); - let keypair = keystore.decrypt_keypair(password.clone()).unwrap(); - let expected_sk = hex::decode(expected_secret).unwrap(); - assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk) - } - } - - #[test] - fn json_invalid_version() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 5 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_bad_checksum() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cd" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - assert_eq!( - Keystore::from_json_str(&vector) - .unwrap() - .decrypt_keypair("testpassword".into()) - .err() - .unwrap(), - Error::InvalidPassword - ); - } - - #[test] - fn json_invalid_kdf_function() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "not-scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_missing_scrypt_param() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_additional_scrypt_param() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3", - "cats": 42 - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_checksum_function() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "not-sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_checksum_params() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": { - "cats": "lol" - }, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_cipher_function() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "not-aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_additional_cipher_param() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6", - "cat": 42 - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_missing_cipher_param() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": {}, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_missing_pubkey() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_missing_path() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "version": 4 - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } - - #[test] - fn json_invalid_missing_version() { - let vector = r#" - { - "crypto": { - "kdf": { - "function": "scrypt", - "params": { - "dklen": 32, - "n": 262144, - "p": 1, - "r": 8, - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" - }, - "message": "" - }, - "checksum": { - "function": "sha256", - "params": {}, - "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" - }, - "cipher": { - "function": "aes-128-ctr", - "params": { - "iv": "264daa3f303d7259501c93d997d84fe6" - }, - "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" - } - }, - "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", - "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", - "path": "" - } - "#; - - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } - } -} -*/ diff --git a/eth2/utils/eth2_keystore/src/password.rs b/eth2/utils/eth2_keystore/src/password.rs index 5624f416f9c..b3fea49477e 100644 --- a/eth2/utils/eth2_keystore/src/password.rs +++ b/eth2/utils/eth2_keystore/src/password.rs @@ -20,7 +20,6 @@ impl From for Password { } } -#[cfg(test)] impl<'a> From<&'a str> for Password { fn from(s: &'a str) -> Password { Password::from(String::from(s)) diff --git a/eth2/utils/eth2_keystore/src/plain_text.rs b/eth2/utils/eth2_keystore/src/plain_text.rs index 7d8a7c377fe..eb8454d3630 100644 --- a/eth2/utils/eth2_keystore/src/plain_text.rs +++ b/eth2/utils/eth2_keystore/src/plain_text.rs @@ -26,3 +26,9 @@ impl PlainText { &mut self.0 } } + +impl From> for PlainText { + fn from(vec: Vec) -> Self { + Self(vec) + } +} diff --git a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs new file mode 100644 index 00000000000..cb70554890c --- /dev/null +++ b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs @@ -0,0 +1,86 @@ +#![cfg(test)] + +use eth2_keystore::{Keystore, Password}; + +// Test cases taken from: +// +// https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases +#[test] +fn eip2335_test_vectors() { + let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; + let password: Password = "testpassword".into(); + let scrypt_test_vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + let pbkdf2_test_vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 32, + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; + for test in test_vectors { + let keystore: Keystore = serde_json::from_str(test).unwrap(); + let keypair = keystore.decrypt_keypair(password.clone()).unwrap(); + let expected_sk = hex::decode(expected_secret).unwrap(); + assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk) + } +} diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs new file mode 100644 index 00000000000..8dd79c4b3d8 --- /dev/null +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -0,0 +1,551 @@ +#![cfg(test)] + +use eth2_keystore::{Error, Keystore}; + +#[test] +fn version() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 5 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn json_bad_checksum() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cd" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_eq!( + Keystore::from_json_str(&vector) + .unwrap() + .decrypt_keypair("testpassword".into()) + .err() + .unwrap(), + Error::InvalidPassword + ); +} + +#[test] +fn kdf_function() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "not-scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn missing_scrypt_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn additional_scrypt_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3", + "cats": 42 + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn checksum_function() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "not-sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn checksum_params() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": { + "cats": "lol" + }, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn cipher_function() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "not-aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn additional_cipher_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6", + "cat": 42 + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn missing_cipher_param() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": {}, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn missing_pubkey() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn missing_path() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn missing_version() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "" + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} diff --git a/eth2/utils/eth2_keystore/tests/tests.rs b/eth2/utils/eth2_keystore/tests/tests.rs new file mode 100644 index 00000000000..ffe0e68fcbc --- /dev/null +++ b/eth2/utils/eth2_keystore/tests/tests.rs @@ -0,0 +1,47 @@ +#![cfg(test)] + +use bls::Keypair; +use eth2_keystore::{Error, Keystore, KeystoreBuilder, Password}; + +fn password() -> Password { + "ilikecats".to_string().into() +} + +fn bad_password() -> Password { + "idontlikecats".to_string().into() +} + +#[test] +fn empty_password() { + assert_eq!( + KeystoreBuilder::new(&Keypair::random(), "".into()) + .err() + .unwrap(), + Error::EmptyPassword + ); +} + +#[test] +fn string_round_trip() { + let keypair = Keypair::random(); + + let keystore = KeystoreBuilder::new(&keypair, password()) + .unwrap() + .build() + .unwrap(); + + let json = keystore.to_json_string().unwrap(); + let decoded = Keystore::from_json_str(&json).unwrap(); + + assert_eq!( + decoded.decrypt_keypair(bad_password()).err().unwrap(), + Error::InvalidPassword, + "should not decrypt with bad password" + ); + + assert_eq!( + decoded.decrypt_keypair(password()).unwrap(), + keypair, + "should decrypt with good password" + ); +} From 016068a58567c7e90e68f181cf0ba56810be47d8 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 15:11:42 +1000 Subject: [PATCH 38/63] Add more tests, reader/writers --- eth2/utils/eth2_keystore/Cargo.toml | 4 +- eth2/utils/eth2_keystore/src/lib.rs | 32 +++++++++++----- eth2/utils/eth2_keystore/tests/tests.rs | 49 +++++++++++++++++++++++-- 3 files changed, 70 insertions(+), 15 deletions(-) diff --git a/eth2/utils/eth2_keystore/Cargo.toml b/eth2/utils/eth2_keystore/Cargo.toml index cf25ee7e575..917a3f63ba5 100644 --- a/eth2/utils/eth2_keystore/Cargo.toml +++ b/eth2/utils/eth2_keystore/Cargo.toml @@ -10,7 +10,6 @@ edition = "2018" rand = "0.7.2" rust-crypto = "0.2.36" uuid = { version = "0.8", features = ["serde", "v4"] } -time = "0.1.42" zeroize = { version = "1.0.0", features = ["zeroize_derive"] } serde = "1.0.102" serde_repr = "0.1" @@ -18,3 +17,6 @@ hex = "0.3" bls = { path = "../bls" } eth2_ssz = { path = "../ssz" } serde_json = "1.0.41" + +[dev-dependencies] +tempfile = "3.1.0" diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 67200e72e29..b1f0087e7ea 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -9,7 +9,6 @@ pub use uuid::Uuid; use bls::{Keypair, PublicKey, SecretKey}; use crypto::{digest::Digest, sha2::Sha256}; use derived_key::DerivedKey; -use hex::FromHexError; use json_keystore::{ Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, KdfModule, Pbkdf2, Prf, Sha256Checksum, Version, @@ -18,6 +17,7 @@ use plain_text::PlainText; use rand::prelude::*; use serde::{Deserialize, Serialize}; use ssz::DecodeError; +use std::io::{Read, Write}; /// The byte-length of a BLS secret key. const SECRET_KEY_LEN: usize = 32; @@ -33,13 +33,14 @@ const HASH_SIZE: usize = 32; #[derive(Debug, PartialEq)] pub enum Error { InvalidSecretKeyLen { len: usize, expected: usize }, - InvalidCipherMessageHex(FromHexError), InvalidPassword, InvalidSecretKeyBytes(DecodeError), PublicKeyMismatch, EmptyPassword, - UnableToSerialize, + UnableToSerialize(String), InvalidJson(String), + WriteError(String), + ReadError(String), IncorrectIvSize { expected: usize, len: usize }, } @@ -50,6 +51,7 @@ pub struct KeystoreBuilder<'a> { kdf: Kdf, cipher: Cipher, uuid: Uuid, + path: String, } impl<'a> KeystoreBuilder<'a> { @@ -58,7 +60,7 @@ impl<'a> KeystoreBuilder<'a> { /// ## Errors /// /// Returns `Error::EmptyPassword` if `password == ""`. - pub fn new(keypair: &'a Keypair, password: Password) -> Result { + pub fn new(keypair: &'a Keypair, password: Password, path: String) -> Result { if password.as_str() == "" { Err(Error::EmptyPassword) } else { @@ -76,6 +78,7 @@ impl<'a> KeystoreBuilder<'a> { }), cipher: Cipher::Aes128Ctr(Aes128Ctr { iv }), uuid: Uuid::new_v4(), + path, }) } } @@ -88,6 +91,7 @@ impl<'a> KeystoreBuilder<'a> { self.kdf, self.cipher, self.uuid, + self.path, ) } } @@ -110,6 +114,7 @@ impl Keystore { kdf: Kdf, cipher: Cipher, uuid: Uuid, + path: String, ) -> Result { // Generate derived key let derived_key = derive_key(&password, &kdf); @@ -153,10 +158,7 @@ impl Keystore { }, }, uuid, - // TODO: Implement `path` according to - // https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md - // For now, `path` is set to en empty string. - path: String::new(), + path, pubkey: keypair.pk.as_hex_string()[2..].to_string(), version: Version::four(), }, @@ -224,15 +226,25 @@ impl Keystore { &self.json.uuid } - /// Returns `self` encoded as a JSON object. + /// Encodes `self` as a JSON object. pub fn to_json_string(&self) -> Result { - serde_json::to_string(self).map_err(|_| Error::UnableToSerialize) + serde_json::to_string(self).map_err(|e| Error::UnableToSerialize(format!("{}", e))) } /// Returns `self` encoded as a JSON object. pub fn from_json_str(json_string: &str) -> Result { serde_json::from_str(json_string).map_err(|e| Error::InvalidJson(format!("{}", e))) } + + /// Encodes self as a JSON object to the given `writer`. + pub fn to_json_writer(&self, writer: W) -> Result<(), Error> { + serde_json::to_writer(writer, self).map_err(|e| Error::WriteError(format!("{}", e))) + } + + /// Instantiates `self` from a JSON `reader`. + pub fn from_json_reader(reader: R) -> Result { + serde_json::from_reader(reader).map_err(|e| Error::ReadError(format!("{}", e))) + } } /// Generates a checksum to indicate that the `derived_key` is associated with the diff --git a/eth2/utils/eth2_keystore/tests/tests.rs b/eth2/utils/eth2_keystore/tests/tests.rs index ffe0e68fcbc..e19b2f100d0 100644 --- a/eth2/utils/eth2_keystore/tests/tests.rs +++ b/eth2/utils/eth2_keystore/tests/tests.rs @@ -2,8 +2,10 @@ use bls::Keypair; use eth2_keystore::{Error, Keystore, KeystoreBuilder, Password}; +use std::fs::OpenOptions; +use tempfile::tempdir; -fn password() -> Password { +fn good_password() -> Password { "ilikecats".to_string().into() } @@ -14,7 +16,7 @@ fn bad_password() -> Password { #[test] fn empty_password() { assert_eq!( - KeystoreBuilder::new(&Keypair::random(), "".into()) + KeystoreBuilder::new(&Keypair::random(), "".into(), "".into()) .err() .unwrap(), Error::EmptyPassword @@ -25,7 +27,7 @@ fn empty_password() { fn string_round_trip() { let keypair = Keypair::random(); - let keystore = KeystoreBuilder::new(&keypair, password()) + let keystore = KeystoreBuilder::new(&keypair, good_password(), "".into()) .unwrap() .build() .unwrap(); @@ -40,7 +42,46 @@ fn string_round_trip() { ); assert_eq!( - decoded.decrypt_keypair(password()).unwrap(), + decoded.decrypt_keypair(good_password()).unwrap(), + keypair, + "should decrypt with good password" + ); +} + +#[test] +fn file() { + let keypair = Keypair::random(); + let dir = tempdir().unwrap(); + let path = dir.path().join("keystore.json"); + + let get_file = || { + OpenOptions::new() + .write(true) + .read(true) + .create(true) + .open(path.clone()) + .expect("should create file") + }; + + let keystore = KeystoreBuilder::new(&keypair, good_password(), "".into()) + .unwrap() + .build() + .unwrap(); + + keystore + .to_json_writer(&mut get_file()) + .expect("should write to file"); + + let decoded = Keystore::from_json_reader(&mut get_file()).expect("should read from file"); + + assert_eq!( + decoded.decrypt_keypair(bad_password()).err().unwrap(), + Error::InvalidPassword, + "should not decrypt with bad password" + ); + + assert_eq!( + decoded.decrypt_keypair(good_password()).unwrap(), keypair, "should decrypt with good password" ); From deea9d5ed613ed65321b9a92043625e119b58597 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 15:45:57 +1000 Subject: [PATCH 39/63] Tidy --- Cargo.lock | 2 +- eth2/utils/eth2_keystore/src/lib.rs | 70 ++++++++++++++--------------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b3a3bc0f9c7..e3220c27706 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1205,7 +1205,7 @@ dependencies = [ "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_json 1.0.51 (registry+https://github.com/rust-lang/crates.io-index)", "serde_repr 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", - "time 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", + "tempfile 3.1.0 (registry+https://github.com/rust-lang/crates.io-index)", "uuid 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", "zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index b1f0087e7ea..9740355eed6 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -1,3 +1,6 @@ +//! Provides a JSON keystore for a BLS keypair, as specified by +//! [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335). + mod derived_key; mod json_keystore; mod password; @@ -22,12 +25,24 @@ use std::io::{Read, Write}; /// The byte-length of a BLS secret key. const SECRET_KEY_LEN: usize = 32; /// The default byte length of the salt used to seed the KDF. +/// +/// NOTE: there is no clear guidance in EIP-2335 regarding the size of this salt. Neither +/// [pbkdf2](https://www.ietf.org/rfc/rfc2898.txt) or [scrypt](https://tools.ietf.org/html/rfc7914) +/// make a clear statement about what size it should be, however 32-bytes certainly seems +/// reasonable and larger than their examples. const SALT_SIZE: usize = 32; /// The length of the derived key. const DKLEN: u32 = 32; -// TODO: comment +/// Size of the IV (initialization vector) used for aes-128-ctr encryption of private key material. +/// +/// NOTE: the EIP-2335 test vectors use a 16-byte IV whilst RFC3868 uses an 8-byte IV. Reference: +/// +/// - https://tools.ietf.org/html/rfc3686 +/// - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 +/// +/// I (Paul H) have raised with this Carl B., the author of EIP2335 and await a response. const IV_SIZE: usize = 16; -// TODO: comment +/// The byte size of a SHA256 hash. const HASH_SIZE: usize = 32; #[derive(Debug, PartialEq)] @@ -116,25 +131,20 @@ impl Keystore { uuid: Uuid, path: String, ) -> Result { - // Generate derived key let derived_key = derive_key(&password, &kdf); let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); // Encrypt secret. - let cipher_message: Vec = match &cipher { + let mut cipher_text = vec![0; secret.len()]; + match &cipher { Cipher::Aes128Ctr(params) => { - // TODO: sanity checks - // TODO: check IV size - let mut cipher_text = vec![0; secret.len()]; - crypto::aes::ctr( crypto::aes::KeySize::KeySize128, derived_key.aes_key(), - &get_iv(params.iv.as_bytes())?, + params.iv.as_bytes(), ) .process(secret.as_bytes(), &mut cipher_text); - cipher_text } }; @@ -149,12 +159,12 @@ impl Keystore { checksum: ChecksumModule { function: Sha256Checksum::function(), params: EmptyMap, - message: generate_checksum(&derived_key, &cipher_message), + message: generate_checksum(&derived_key, &cipher_text), }, cipher: CipherModule { function: cipher.function(), params: cipher.clone(), - message: cipher_message.into(), + message: cipher_text.into(), }, }, uuid, @@ -184,31 +194,35 @@ impl Keystore { return Err(Error::InvalidPassword); } - let sk_bytes = match &self.json.crypto.cipher.params { + let mut plain_text = PlainText::zero(cipher_message.len()); + match &self.json.crypto.cipher.params { Cipher::Aes128Ctr(params) => { - // cipher.decrypt(&derived_key.aes_key(), &cipher_message) - let mut pt = PlainText::zero(cipher_message.len()); crypto::aes::ctr( crypto::aes::KeySize::KeySize128, derived_key.aes_key(), - &get_iv(¶ms.iv.as_bytes())?, + // NOTE: we do not check the size of the `iv` as there is no guidance about + // this on EIP-2335. + // + // Reference: + // + // - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 + params.iv.as_bytes(), ) - .process(cipher_message.as_bytes(), pt.as_mut_bytes()); - pt + .process(cipher_message.as_bytes(), plain_text.as_mut_bytes()); } }; // Verify that secret key material is correct length. - if sk_bytes.len() != SECRET_KEY_LEN { + if plain_text.len() != SECRET_KEY_LEN { return Err(Error::InvalidSecretKeyLen { - len: sk_bytes.len(), + len: plain_text.len(), expected: SECRET_KEY_LEN, }); } // Instantiate a `SecretKey`. let sk = - SecretKey::from_bytes(sk_bytes.as_bytes()).map_err(Error::InvalidSecretKeyBytes)?; + SecretKey::from_bytes(plain_text.as_bytes()).map_err(Error::InvalidSecretKeyBytes)?; // Derive a `PublicKey` from `SecretKey`. let pk = PublicKey::from_secret_key(&sk); @@ -291,20 +305,6 @@ fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { dk } -// TODO: what says IV _must_ be 4 bytes? -fn get_iv(bytes: &[u8]) -> Result<[u8; IV_SIZE], Error> { - if bytes.len() == IV_SIZE { - let mut iv = [0; IV_SIZE]; - iv.copy_from_slice(bytes); - Ok(iv) - } else { - Err(Error::IncorrectIvSize { - expected: IV_SIZE, - len: bytes.len(), - }) - } -} - /// Compute floor of log2 of a u32. fn log2_int(x: u32) -> u32 { if x == 0 { From b2ebb7cf71a3f5a52f76fedd3567b280b58b77f7 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 15:54:05 +1000 Subject: [PATCH 40/63] Move keystore into own file --- eth2/utils/eth2_keystore/src/derived_key.rs | 2 +- .../eth2_keystore/src/json_keystore/mod.rs | 6 + eth2/utils/eth2_keystore/src/keystore.rs | 308 ++++++++++++++++++ eth2/utils/eth2_keystore/src/lib.rs | 306 +---------------- eth2/utils/eth2_keystore/tests/json.rs | 123 +++++++ 5 files changed, 440 insertions(+), 305 deletions(-) create mode 100644 eth2/utils/eth2_keystore/src/keystore.rs diff --git a/eth2/utils/eth2_keystore/src/derived_key.rs b/eth2/utils/eth2_keystore/src/derived_key.rs index 57f6e6f6330..9b396f09a9d 100644 --- a/eth2/utils/eth2_keystore/src/derived_key.rs +++ b/eth2/utils/eth2_keystore/src/derived_key.rs @@ -1,4 +1,4 @@ -use crate::DKLEN; +use crate::keystore::DKLEN; use zeroize::Zeroize; #[derive(Zeroize)] diff --git a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs index 01e0844744a..680f468c4a4 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs @@ -1,3 +1,9 @@ +//! This module intends to separate the JSON representation of the keystore from the actual crypto +//! logic. +//! +//! This module **MUST NOT** contain any logic beyond what is required to serialize/deserialize the +//! data structures. Specifically, there should not be any actual crypto logic in this file. + mod checksum_module; mod cipher_module; mod hex_bytes; diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs new file mode 100644 index 00000000000..e1090e4de03 --- /dev/null +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -0,0 +1,308 @@ +//! Provides a JSON keystore for a BLS keypair, as specified by +//! [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335). + +use crate::derived_key::DerivedKey; +use crate::json_keystore::{ + Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, + KdfModule, Pbkdf2, Prf, Sha256Checksum, Version, +}; +use crate::plain_text::PlainText; +use crate::Password; +use crate::Uuid; +use bls::{Keypair, PublicKey, SecretKey}; +use crypto::{digest::Digest, sha2::Sha256}; +use rand::prelude::*; +use serde::{Deserialize, Serialize}; +use ssz::DecodeError; +use std::io::{Read, Write}; + +/// The byte-length of a BLS secret key. +const SECRET_KEY_LEN: usize = 32; +/// The default byte length of the salt used to seed the KDF. +/// +/// NOTE: there is no clear guidance in EIP-2335 regarding the size of this salt. Neither +/// [pbkdf2](https://www.ietf.org/rfc/rfc2898.txt) or [scrypt](https://tools.ietf.org/html/rfc7914) +/// make a clear statement about what size it should be, however 32-bytes certainly seems +/// reasonable and larger than their examples. +const SALT_SIZE: usize = 32; +/// The length of the derived key. +pub const DKLEN: u32 = 32; +/// Size of the IV (initialization vector) used for aes-128-ctr encryption of private key material. +/// +/// NOTE: the EIP-2335 test vectors use a 16-byte IV whilst RFC3868 uses an 8-byte IV. Reference: +/// +/// - https://tools.ietf.org/html/rfc3686 +/// - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 +/// +/// I (Paul H) have raised with this Carl B., the author of EIP2335 and await a response. +const IV_SIZE: usize = 16; +/// The byte size of a SHA256 hash. +const HASH_SIZE: usize = 32; + +#[derive(Debug, PartialEq)] +pub enum Error { + InvalidSecretKeyLen { len: usize, expected: usize }, + InvalidPassword, + InvalidSecretKeyBytes(DecodeError), + PublicKeyMismatch, + EmptyPassword, + UnableToSerialize(String), + InvalidJson(String), + WriteError(String), + ReadError(String), + IncorrectIvSize { expected: usize, len: usize }, +} + +/// Constructs a `Keystore`. +pub struct KeystoreBuilder<'a> { + keypair: &'a Keypair, + password: Password, + kdf: Kdf, + cipher: Cipher, + uuid: Uuid, + path: String, +} + +impl<'a> KeystoreBuilder<'a> { + /// Creates a new builder. + /// + /// ## Errors + /// + /// Returns `Error::EmptyPassword` if `password == ""`. + pub fn new(keypair: &'a Keypair, password: Password, path: String) -> Result { + if password.as_str() == "" { + Err(Error::EmptyPassword) + } else { + let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); + let iv = rand::thread_rng().gen::<[u8; IV_SIZE]>().to_vec().into(); + + Ok(Self { + keypair, + password, + kdf: Kdf::Pbkdf2(Pbkdf2 { + dklen: DKLEN, + c: 262144, + prf: Prf::default(), + salt: salt.to_vec().into(), + }), + cipher: Cipher::Aes128Ctr(Aes128Ctr { iv }), + uuid: Uuid::new_v4(), + path, + }) + } + } + + /// Consumes `self`, returning a `Keystore`. + pub fn build(self) -> Result { + Keystore::encrypt( + self.keypair, + self.password, + self.kdf, + self.cipher, + self.uuid, + self.path, + ) + } +} + +/// Provides a BLS keystore as defined in [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335). +/// +/// Use `KeystoreBuilder` to create a new keystore. +#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +#[serde(transparent)] +pub struct Keystore { + json: JsonKeystore, +} + +impl Keystore { + /// Generate `Keystore` object for a BLS12-381 secret key from a + /// keypair and password. + fn encrypt( + keypair: &Keypair, + password: Password, + kdf: Kdf, + cipher: Cipher, + uuid: Uuid, + path: String, + ) -> Result { + let derived_key = derive_key(&password, &kdf); + + let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); + + // Encrypt secret. + let mut cipher_text = vec![0; secret.len()]; + match &cipher { + Cipher::Aes128Ctr(params) => { + crypto::aes::ctr( + crypto::aes::KeySize::KeySize128, + derived_key.aes_key(), + params.iv.as_bytes(), + ) + .process(secret.as_bytes(), &mut cipher_text); + } + }; + + Ok(Keystore { + json: JsonKeystore { + crypto: Crypto { + kdf: KdfModule { + function: kdf.function(), + params: kdf.clone(), + message: HexBytes::empty(), + }, + checksum: ChecksumModule { + function: Sha256Checksum::function(), + params: EmptyMap, + message: generate_checksum(&derived_key, &cipher_text), + }, + cipher: CipherModule { + function: cipher.function(), + params: cipher.clone(), + message: cipher_text.into(), + }, + }, + uuid, + path, + pubkey: keypair.pk.as_hex_string()[2..].to_string(), + version: Version::four(), + }, + }) + } + + /// Regenerate a BLS12-381 `Keypair` from `self` and the correct password. + /// + /// ## Errors + /// + /// - The provided password is incorrect. + /// - The keystore is badly formed. + pub fn decrypt_keypair(&self, password: Password) -> Result { + let cipher_message = &self.json.crypto.cipher.message; + + // Generate derived key + let derived_key = derive_key(&password, &self.json.crypto.kdf.params); + + // Mismatching checksum indicates an invalid password. + if generate_checksum(&derived_key, cipher_message.as_bytes()) + != self.json.crypto.checksum.message + { + return Err(Error::InvalidPassword); + } + + let mut plain_text = PlainText::zero(cipher_message.len()); + match &self.json.crypto.cipher.params { + Cipher::Aes128Ctr(params) => { + crypto::aes::ctr( + crypto::aes::KeySize::KeySize128, + derived_key.aes_key(), + // NOTE: we do not check the size of the `iv` as there is no guidance about + // this on EIP-2335. + // + // Reference: + // + // - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 + params.iv.as_bytes(), + ) + .process(cipher_message.as_bytes(), plain_text.as_mut_bytes()); + } + }; + + // Verify that secret key material is correct length. + if plain_text.len() != SECRET_KEY_LEN { + return Err(Error::InvalidSecretKeyLen { + len: plain_text.len(), + expected: SECRET_KEY_LEN, + }); + } + + // Instantiate a `SecretKey`. + let sk = + SecretKey::from_bytes(plain_text.as_bytes()).map_err(Error::InvalidSecretKeyBytes)?; + + // Derive a `PublicKey` from `SecretKey`. + let pk = PublicKey::from_secret_key(&sk); + + // Verify that the derived `PublicKey` matches `self`. + if pk.as_hex_string()[2..].to_string() != self.json.pubkey { + return Err(Error::PublicKeyMismatch); + } + + Ok(Keypair { sk, pk }) + } + + /// Returns the UUID for the keystore. + pub fn uuid(&self) -> &Uuid { + &self.json.uuid + } + + /// Encodes `self` as a JSON object. + pub fn to_json_string(&self) -> Result { + serde_json::to_string(self).map_err(|e| Error::UnableToSerialize(format!("{}", e))) + } + + /// Returns `self` encoded as a JSON object. + pub fn from_json_str(json_string: &str) -> Result { + serde_json::from_str(json_string).map_err(|e| Error::InvalidJson(format!("{}", e))) + } + + /// Encodes self as a JSON object to the given `writer`. + pub fn to_json_writer(&self, writer: W) -> Result<(), Error> { + serde_json::to_writer(writer, self).map_err(|e| Error::WriteError(format!("{}", e))) + } + + /// Instantiates `self` from a JSON `reader`. + pub fn from_json_reader(reader: R) -> Result { + serde_json::from_reader(reader).map_err(|e| Error::ReadError(format!("{}", e))) + } +} + +/// Generates a checksum to indicate that the `derived_key` is associated with the +/// `cipher_message`. +fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexBytes { + let mut hasher = Sha256::new(); + hasher.input(derived_key.checksum_slice()); + hasher.input(cipher_message); + + let mut digest = vec![0; HASH_SIZE]; + hasher.result(&mut digest); + + digest.into() +} + +/// Derive a private key from the given `password` using the given `kdf` (key derivation function). +fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { + let mut dk = DerivedKey::zero(); + + match &kdf { + Kdf::Pbkdf2(params) => { + let mut mac = params.prf.mac(password.as_bytes()); + + crypto::pbkdf2::pbkdf2( + &mut mac, + params.salt.as_bytes(), + params.c, + dk.as_mut_bytes(), + ); + } + Kdf::Scrypt(params) => { + // Assert that `n` is power of 2 + debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); + + crypto::scrypt::scrypt( + password.as_bytes(), + params.salt.as_bytes(), + &crypto::scrypt::ScryptParams::new(log2_int(params.n) as u8, params.r, params.p), + dk.as_mut_bytes(), + ); + } + } + + dk +} + +/// Compute floor of log2 of a u32. +fn log2_int(x: u32) -> u32 { + if x == 0 { + return 0; + } + 31 - x.leading_zeros() +} diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 9740355eed6..e907a656077 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -3,312 +3,10 @@ mod derived_key; mod json_keystore; +mod keystore; mod password; mod plain_text; +pub use keystore::{Error, Keystore, KeystoreBuilder}; pub use password::Password; pub use uuid::Uuid; - -use bls::{Keypair, PublicKey, SecretKey}; -use crypto::{digest::Digest, sha2::Sha256}; -use derived_key::DerivedKey; -use json_keystore::{ - Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, - KdfModule, Pbkdf2, Prf, Sha256Checksum, Version, -}; -use plain_text::PlainText; -use rand::prelude::*; -use serde::{Deserialize, Serialize}; -use ssz::DecodeError; -use std::io::{Read, Write}; - -/// The byte-length of a BLS secret key. -const SECRET_KEY_LEN: usize = 32; -/// The default byte length of the salt used to seed the KDF. -/// -/// NOTE: there is no clear guidance in EIP-2335 regarding the size of this salt. Neither -/// [pbkdf2](https://www.ietf.org/rfc/rfc2898.txt) or [scrypt](https://tools.ietf.org/html/rfc7914) -/// make a clear statement about what size it should be, however 32-bytes certainly seems -/// reasonable and larger than their examples. -const SALT_SIZE: usize = 32; -/// The length of the derived key. -const DKLEN: u32 = 32; -/// Size of the IV (initialization vector) used for aes-128-ctr encryption of private key material. -/// -/// NOTE: the EIP-2335 test vectors use a 16-byte IV whilst RFC3868 uses an 8-byte IV. Reference: -/// -/// - https://tools.ietf.org/html/rfc3686 -/// - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 -/// -/// I (Paul H) have raised with this Carl B., the author of EIP2335 and await a response. -const IV_SIZE: usize = 16; -/// The byte size of a SHA256 hash. -const HASH_SIZE: usize = 32; - -#[derive(Debug, PartialEq)] -pub enum Error { - InvalidSecretKeyLen { len: usize, expected: usize }, - InvalidPassword, - InvalidSecretKeyBytes(DecodeError), - PublicKeyMismatch, - EmptyPassword, - UnableToSerialize(String), - InvalidJson(String), - WriteError(String), - ReadError(String), - IncorrectIvSize { expected: usize, len: usize }, -} - -/// Constructs a `Keystore`. -pub struct KeystoreBuilder<'a> { - keypair: &'a Keypair, - password: Password, - kdf: Kdf, - cipher: Cipher, - uuid: Uuid, - path: String, -} - -impl<'a> KeystoreBuilder<'a> { - /// Creates a new builder. - /// - /// ## Errors - /// - /// Returns `Error::EmptyPassword` if `password == ""`. - pub fn new(keypair: &'a Keypair, password: Password, path: String) -> Result { - if password.as_str() == "" { - Err(Error::EmptyPassword) - } else { - let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); - let iv = rand::thread_rng().gen::<[u8; IV_SIZE]>().to_vec().into(); - - Ok(Self { - keypair, - password, - kdf: Kdf::Pbkdf2(Pbkdf2 { - dklen: DKLEN, - c: 262144, - prf: Prf::default(), - salt: salt.to_vec().into(), - }), - cipher: Cipher::Aes128Ctr(Aes128Ctr { iv }), - uuid: Uuid::new_v4(), - path, - }) - } - } - - /// Consumes `self`, returning a `Keystore`. - pub fn build(self) -> Result { - Keystore::encrypt( - self.keypair, - self.password, - self.kdf, - self.cipher, - self.uuid, - self.path, - ) - } -} - -/// Provides a BLS keystore as defined in [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335). -/// -/// Use `KeystoreBuilder` to create a new keystore. -#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] -#[serde(transparent)] -pub struct Keystore { - json: JsonKeystore, -} - -impl Keystore { - /// Generate `Keystore` object for a BLS12-381 secret key from a - /// keypair and password. - fn encrypt( - keypair: &Keypair, - password: Password, - kdf: Kdf, - cipher: Cipher, - uuid: Uuid, - path: String, - ) -> Result { - let derived_key = derive_key(&password, &kdf); - - let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); - - // Encrypt secret. - let mut cipher_text = vec![0; secret.len()]; - match &cipher { - Cipher::Aes128Ctr(params) => { - crypto::aes::ctr( - crypto::aes::KeySize::KeySize128, - derived_key.aes_key(), - params.iv.as_bytes(), - ) - .process(secret.as_bytes(), &mut cipher_text); - } - }; - - Ok(Keystore { - json: JsonKeystore { - crypto: Crypto { - kdf: KdfModule { - function: kdf.function(), - params: kdf.clone(), - message: HexBytes::empty(), - }, - checksum: ChecksumModule { - function: Sha256Checksum::function(), - params: EmptyMap, - message: generate_checksum(&derived_key, &cipher_text), - }, - cipher: CipherModule { - function: cipher.function(), - params: cipher.clone(), - message: cipher_text.into(), - }, - }, - uuid, - path, - pubkey: keypair.pk.as_hex_string()[2..].to_string(), - version: Version::four(), - }, - }) - } - - /// Regenerate a BLS12-381 `Keypair` from `self` and the correct password. - /// - /// ## Errors - /// - /// - The provided password is incorrect. - /// - The keystore is badly formed. - pub fn decrypt_keypair(&self, password: Password) -> Result { - let cipher_message = &self.json.crypto.cipher.message; - - // Generate derived key - let derived_key = derive_key(&password, &self.json.crypto.kdf.params); - - // Mismatching checksum indicates an invalid password. - if generate_checksum(&derived_key, cipher_message.as_bytes()) - != self.json.crypto.checksum.message - { - return Err(Error::InvalidPassword); - } - - let mut plain_text = PlainText::zero(cipher_message.len()); - match &self.json.crypto.cipher.params { - Cipher::Aes128Ctr(params) => { - crypto::aes::ctr( - crypto::aes::KeySize::KeySize128, - derived_key.aes_key(), - // NOTE: we do not check the size of the `iv` as there is no guidance about - // this on EIP-2335. - // - // Reference: - // - // - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 - params.iv.as_bytes(), - ) - .process(cipher_message.as_bytes(), plain_text.as_mut_bytes()); - } - }; - - // Verify that secret key material is correct length. - if plain_text.len() != SECRET_KEY_LEN { - return Err(Error::InvalidSecretKeyLen { - len: plain_text.len(), - expected: SECRET_KEY_LEN, - }); - } - - // Instantiate a `SecretKey`. - let sk = - SecretKey::from_bytes(plain_text.as_bytes()).map_err(Error::InvalidSecretKeyBytes)?; - - // Derive a `PublicKey` from `SecretKey`. - let pk = PublicKey::from_secret_key(&sk); - - // Verify that the derived `PublicKey` matches `self`. - if pk.as_hex_string()[2..].to_string() != self.json.pubkey { - return Err(Error::PublicKeyMismatch); - } - - Ok(Keypair { sk, pk }) - } - - /// Returns the UUID for the keystore. - pub fn uuid(&self) -> &Uuid { - &self.json.uuid - } - - /// Encodes `self` as a JSON object. - pub fn to_json_string(&self) -> Result { - serde_json::to_string(self).map_err(|e| Error::UnableToSerialize(format!("{}", e))) - } - - /// Returns `self` encoded as a JSON object. - pub fn from_json_str(json_string: &str) -> Result { - serde_json::from_str(json_string).map_err(|e| Error::InvalidJson(format!("{}", e))) - } - - /// Encodes self as a JSON object to the given `writer`. - pub fn to_json_writer(&self, writer: W) -> Result<(), Error> { - serde_json::to_writer(writer, self).map_err(|e| Error::WriteError(format!("{}", e))) - } - - /// Instantiates `self` from a JSON `reader`. - pub fn from_json_reader(reader: R) -> Result { - serde_json::from_reader(reader).map_err(|e| Error::ReadError(format!("{}", e))) - } -} - -/// Generates a checksum to indicate that the `derived_key` is associated with the -/// `cipher_message`. -fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexBytes { - let mut hasher = Sha256::new(); - hasher.input(derived_key.checksum_slice()); - hasher.input(cipher_message); - - let mut digest = vec![0; HASH_SIZE]; - hasher.result(&mut digest); - - digest.into() -} - -/// Derive a private key from the given `password` using the given `kdf` (key derivation function). -fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { - let mut dk = DerivedKey::zero(); - - match &kdf { - Kdf::Pbkdf2(params) => { - let mut mac = params.prf.mac(password.as_bytes()); - - crypto::pbkdf2::pbkdf2( - &mut mac, - params.salt.as_bytes(), - params.c, - dk.as_mut_bytes(), - ); - } - Kdf::Scrypt(params) => { - // Assert that `n` is power of 2 - debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); - - crypto::scrypt::scrypt( - password.as_bytes(), - params.salt.as_bytes(), - &crypto::scrypt::ScryptParams::new(log2_int(params.n) as u8, params.r, params.p), - dk.as_mut_bytes(), - ); - } - } - - dk -} - -/// Compute floor of log2 of a u32. -fn log2_int(x: u32) -> u32 { - if x == 0 { - return 0; - } - 31 - x.leading_zeros() -} diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs index 8dd79c4b3d8..d21a9310773 100644 --- a/eth2/utils/eth2_keystore/tests/json.rs +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -549,3 +549,126 @@ fn missing_version() { _ => panic!("expected invalid json error"), } } + +#[test] +fn pbkdf2_bad_hmac() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 32, + "c": 262144, + "prf": "bad-hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn pbkdf2_additional_parameter() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 32, + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3", + "cats": 42 + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn pbkdf2_missing_parameter() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} From 5b48f444040fb4f6de72491e87f3b3af8558422a Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 15:58:39 +1000 Subject: [PATCH 41/63] Move more logic into keystore file --- eth2/utils/eth2_keystore/src/derived_key.rs | 23 ++++----------------- eth2/utils/eth2_keystore/src/keystore.rs | 6 +++--- 2 files changed, 7 insertions(+), 22 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/derived_key.rs b/eth2/utils/eth2_keystore/src/derived_key.rs index 9b396f09a9d..9ebb723bfff 100644 --- a/eth2/utils/eth2_keystore/src/derived_key.rs +++ b/eth2/utils/eth2_keystore/src/derived_key.rs @@ -6,7 +6,7 @@ use zeroize::Zeroize; pub struct DerivedKey([u8; DKLEN as usize]); impl DerivedKey { - /// Instantiates `Self` with a all-zeros byte array. + /// Instantiates `Self` with an all-zeros byte array. pub fn zero() -> Self { Self([0; DKLEN as usize]) } @@ -16,23 +16,8 @@ impl DerivedKey { &mut self.0 } - /// Returns the `DK_slice` bytes used for checksum comparison. - /// - /// ## Reference - /// - /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#procedure - pub fn checksum_slice(&self) -> &[u8] { - &self.0[16..32] - } - - /// Returns the aes-128-ctr key. - /// - /// Only the first 16 bytes of the decryption_key are used as the AES key. - /// - /// ## Reference - /// - /// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md#secret-decryption - pub fn aes_key(&self) -> &[u8] { - &self.0[0..16] + /// Returns a reference to the underlying byte array. + pub fn as_bytes(&self) -> &[u8] { + &self.0 } } diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index e1090e4de03..1b835f7c4ec 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -135,7 +135,7 @@ impl Keystore { Cipher::Aes128Ctr(params) => { crypto::aes::ctr( crypto::aes::KeySize::KeySize128, - derived_key.aes_key(), + &derived_key.as_bytes()[0..16], params.iv.as_bytes(), ) .process(secret.as_bytes(), &mut cipher_text); @@ -193,7 +193,7 @@ impl Keystore { Cipher::Aes128Ctr(params) => { crypto::aes::ctr( crypto::aes::KeySize::KeySize128, - derived_key.aes_key(), + &derived_key.as_bytes()[0..16], // NOTE: we do not check the size of the `iv` as there is no guidance about // this on EIP-2335. // @@ -259,7 +259,7 @@ impl Keystore { /// `cipher_message`. fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexBytes { let mut hasher = Sha256::new(); - hasher.input(derived_key.checksum_slice()); + hasher.input(&derived_key.as_bytes()[16..32]); hasher.input(cipher_message); let mut digest = vec![0; HASH_SIZE]; From 646b8f9a089526eee72749dff1ad27fa5b1db373 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 16:06:39 +1000 Subject: [PATCH 42/63] Tidy --- eth2/utils/eth2_keystore/src/derived_key.rs | 1 + eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs | 2 +- eth2/utils/eth2_keystore/src/password.rs | 3 +++ eth2/utils/eth2_keystore/src/plain_text.rs | 2 +- validator_client/Cargo.toml | 1 - 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/derived_key.rs b/eth2/utils/eth2_keystore/src/derived_key.rs index 9ebb723bfff..c61d9329297 100644 --- a/eth2/utils/eth2_keystore/src/derived_key.rs +++ b/eth2/utils/eth2_keystore/src/derived_key.rs @@ -1,6 +1,7 @@ use crate::keystore::DKLEN; use zeroize::Zeroize; +/// Provides wrapper around `[u8; DKLEN]` that implements `Zeroize`. #[derive(Zeroize)] #[zeroize(drop)] pub struct DerivedKey([u8; DKLEN as usize]); diff --git a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs index e05882a6588..20e2c82990e 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs @@ -1,7 +1,7 @@ use serde::{Deserialize, Serialize}; use std::convert::TryFrom; -/// Used for ensuring that serde only decodes valid checksum functions. +/// To allow serde to encode/decode byte arrays from HEX ASCII strings. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[serde(try_from = "String", into = "String")] pub struct HexBytes(Vec); diff --git a/eth2/utils/eth2_keystore/src/password.rs b/eth2/utils/eth2_keystore/src/password.rs index b3fea49477e..d616d5054b3 100644 --- a/eth2/utils/eth2_keystore/src/password.rs +++ b/eth2/utils/eth2_keystore/src/password.rs @@ -1,14 +1,17 @@ use zeroize::Zeroize; +/// Provides a wrapper around `String` that implements `Zeroize`. #[derive(Zeroize, Clone, PartialEq)] #[zeroize(drop)] pub struct Password(String); impl Password { + /// Returns a reference to the underlying `String`. pub fn as_str(&self) -> &str { self.0.as_str() } + /// Returns a reference to the underlying `String`, as bytes. pub fn as_bytes(&self) -> &[u8] { self.0.as_str().as_bytes() } diff --git a/eth2/utils/eth2_keystore/src/plain_text.rs b/eth2/utils/eth2_keystore/src/plain_text.rs index eb8454d3630..a643cdfb1fa 100644 --- a/eth2/utils/eth2_keystore/src/plain_text.rs +++ b/eth2/utils/eth2_keystore/src/plain_text.rs @@ -1,6 +1,6 @@ use zeroize::Zeroize; -/// Provides wrapper around `Vec` that implements zeroize. +/// Provides wrapper around `Vec` that implements `Zeroize`. #[derive(Zeroize, Clone, PartialEq)] #[zeroize(drop)] pub struct PlainText(Vec); diff --git a/validator_client/Cargo.toml b/validator_client/Cargo.toml index 22f01b2eef3..68dfc906d07 100644 --- a/validator_client/Cargo.toml +++ b/validator_client/Cargo.toml @@ -20,7 +20,6 @@ types = { path = "../eth2/types" } serde = "1.0.102" serde_derive = "1.0.102" serde_json = "1.0.41" -serde_repr = "0.1" slog = { version = "2.5.2", features = ["max_level_trace", "release_max_level_trace"] } slog-async = "2.3.0" slog-term = "2.4.2" From 4b28c01a062835b11fb52503362d1adb1c0aba66 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Tue, 5 May 2020 16:11:05 +1000 Subject: [PATCH 43/63] Tidy --- Cargo.lock | 1 - eth2/utils/eth2_keystore/src/keystore.rs | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e3220c27706..dcf830ef2dd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4802,7 +4802,6 @@ dependencies = [ "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_json 1.0.51 (registry+https://github.com/rust-lang/crates.io-index)", - "serde_repr 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", "slog 2.5.2 (registry+https://github.com/rust-lang/crates.io-index)", "slog-async 2.5.0 (registry+https://github.com/rust-lang/crates.io-index)", "slog-term 2.5.0 (registry+https://github.com/rust-lang/crates.io-index)", diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index 1b835f7c4ec..deb5990db3a 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -147,7 +147,7 @@ impl Keystore { crypto: Crypto { kdf: KdfModule { function: kdf.function(), - params: kdf.clone(), + params: kdf, message: HexBytes::empty(), }, checksum: ChecksumModule { @@ -157,7 +157,7 @@ impl Keystore { }, cipher: CipherModule { function: cipher.function(), - params: cipher.clone(), + params: cipher, message: cipher_text.into(), }, }, From d1f313596478b22688d6fadfd6e228d31a5f97e8 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Wed, 6 May 2020 10:27:32 +1000 Subject: [PATCH 44/63] Allow for odd-character hex --- .../src/json_keystore/hex_bytes.rs | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs index 20e2c82990e..dfa03d84885 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs @@ -36,8 +36,41 @@ impl TryFrom for HexBytes { type Error = String; fn try_from(s: String) -> Result { + // Left-pad with a zero if there is not an even number of hex digits to ensure + // `hex::decode` doesn't return an error. + let s = if s.len() % 2 != 0 { + format!("0{}", s) + } else { + s + }; + hex::decode(s) .map(Self) .map_err(|e| format!("Invalid hex: {}", e)) } } + +#[cfg(test)] +mod tests { + use super::*; + + fn decode(json: &str) -> Vec { + serde_json::from_str::(&format!("\"{}\"", json)) + .expect("should decode json") + .as_bytes() + .to_vec() + } + + #[test] + fn odd_hex_bytes() { + let empty: Vec = vec![]; + + assert_eq!(decode(""), empty, "should decode nothing"); + assert_eq!(decode("00"), vec![0], "should decode 00"); + assert_eq!(decode("0"), vec![0], "should decode 0"); + assert_eq!(decode("01"), vec![1], "should decode 01"); + assert_eq!(decode("1"), vec![1], "should decode 1"); + assert_eq!(decode("0101"), vec![1, 1], "should decode 0101"); + assert_eq!(decode("101"), vec![1, 1], "should decode 101"); + } +} From 03b5e69f982ecaa76dcd429cf05bbffde89b8f3d Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 11:33:56 +1000 Subject: [PATCH 45/63] Add more json missing field checks --- .../src/json_keystore/checksum_module.rs | 1 + .../src/json_keystore/cipher_module.rs | 1 + .../src/json_keystore/kdf_module.rs | 1 + .../eth2_keystore/src/json_keystore/mod.rs | 2 + eth2/utils/eth2_keystore/tests/json.rs | 259 +++++++++++++++++- 5 files changed, 263 insertions(+), 1 deletion(-) diff --git a/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs index 521dc2dc606..c0a3f4d2a4a 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs @@ -58,6 +58,7 @@ impl TryFrom for EmptyMap { /// Checksum module for `Keystore`. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct ChecksumModule { pub function: ChecksumFunction, pub params: EmptyMap, diff --git a/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs index 6af5db2a895..5300b2f8b28 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/cipher_module.rs @@ -35,6 +35,7 @@ impl TryFrom for CipherFunction { /// Cipher module representation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct CipherModule { pub function: CipherFunction, pub params: Cipher, diff --git a/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs index 79c6e2a243a..80430ecf35a 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs @@ -11,6 +11,7 @@ use std::convert::TryFrom; /// KDF module representation. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct KdfModule { pub function: KdfFunction, pub params: Kdf, diff --git a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs index 680f468c4a4..5e884fa9835 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs @@ -20,6 +20,7 @@ use serde_repr::*; /// JSON representation of [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335) keystore. #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct JsonKeystore { pub crypto: Crypto, pub uuid: Uuid, @@ -43,6 +44,7 @@ impl Version { /// Crypto module for keystore. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(deny_unknown_fields)] pub struct Crypto { pub kdf: KdfModule, pub checksum: ChecksumModule, diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs index d21a9310773..cb38589c79b 100644 --- a/eth2/utils/eth2_keystore/tests/json.rs +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -2,8 +2,265 @@ use eth2_keystore::{Error, Keystore}; +/// A valid keystore we can mutate to ensure our JSON encoding is strict. +/// +/// If this test doesn't pass then it all previous tests are unreliable. #[test] -fn version() { +fn reference_scrypt() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert!(Keystore::from_json_str(&vector).is_ok()); +} + +#[test] +fn additional_top_level_key() { + let vector = r#" + { + "cats": 42, + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn additional_cipher_key() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "cats": 42, + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn additional_checksum_key() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "cats": 42, + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn additional_kdf_key() { + let vector = r#" + { + "crypto": { + "kdf": { + "cats": 42, + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn additional_crypto_key() { + let vector = r#" + { + "crypto": { + "cats": 42, + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + +#[test] +fn bad_version() { let vector = r#" { "crypto": { From d2c43a6105d11d0db8ad995d5e76f3a728844281 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 11:46:48 +1000 Subject: [PATCH 46/63] Use scrypt by default --- eth2/utils/eth2_keystore/src/json_keystore/mod.rs | 2 +- eth2/utils/eth2_keystore/src/keystore.rs | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs index 5e884fa9835..0ebfad01f7e 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs @@ -12,7 +12,7 @@ mod kdf_module; pub use checksum_module::{ChecksumModule, EmptyMap, Sha256Checksum}; pub use cipher_module::{Aes128Ctr, Cipher, CipherModule}; pub use hex_bytes::HexBytes; -pub use kdf_module::{Kdf, KdfModule, Pbkdf2, Prf}; +pub use kdf_module::{Kdf, KdfModule, Pbkdf2, Prf, Scrypt}; pub use uuid::Uuid; use serde::{Deserialize, Serialize}; diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index deb5990db3a..57e15e38b90 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -4,7 +4,7 @@ use crate::derived_key::DerivedKey; use crate::json_keystore::{ Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, - KdfModule, Pbkdf2, Prf, Sha256Checksum, Version, + KdfModule, Scrypt, Sha256Checksum, Version, }; use crate::plain_text::PlainText; use crate::Password; @@ -79,10 +79,12 @@ impl<'a> KeystoreBuilder<'a> { Ok(Self { keypair, password, - kdf: Kdf::Pbkdf2(Pbkdf2 { + // Using scrypt as the default algorithm due to its memory hardness properties. + kdf: Kdf::Scrypt(Scrypt { dklen: DKLEN, - c: 262144, - prf: Prf::default(), + n: 262144, + p: 1, + r: 8, salt: salt.to_vec().into(), }), cipher: Cipher::Aes128Ctr(Aes128Ctr { iv }), From b137e8206b79f189863d60b201d183cae296580a Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 11:47:03 +1000 Subject: [PATCH 47/63] Tidy, address comments --- .../src/json_keystore/checksum_module.rs | 2 +- eth2/utils/eth2_keystore/src/keystore.rs | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs index c0a3f4d2a4a..bbcc418185d 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/checksum_module.rs @@ -34,7 +34,7 @@ impl TryFrom for ChecksumFunction { } } -/// Used for ensuring serde only decode an empty map +/// Used for ensuring serde only decodes an empty map. #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[serde(try_from = "Value", into = "Value")] pub struct EmptyMap; diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index 57e15e38b90..4a7b900f82e 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -23,7 +23,7 @@ const SECRET_KEY_LEN: usize = 32; /// NOTE: there is no clear guidance in EIP-2335 regarding the size of this salt. Neither /// [pbkdf2](https://www.ietf.org/rfc/rfc2898.txt) or [scrypt](https://tools.ietf.org/html/rfc7914) /// make a clear statement about what size it should be, however 32-bytes certainly seems -/// reasonable and larger than their examples. +/// reasonable and larger than the EITF examples. const SALT_SIZE: usize = 32; /// The length of the derived key. pub const DKLEN: u32 = 32; @@ -34,7 +34,14 @@ pub const DKLEN: u32 = 32; /// - https://tools.ietf.org/html/rfc3686 /// - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 /// -/// I (Paul H) have raised with this Carl B., the author of EIP2335 and await a response. +/// Comment from Carl B, author of EIP-2335: +/// +/// AES CTR IV's should be the same length as the internal blocks in my understanding. (The IV is +/// the first block input.) +/// +/// As far as I know, AES-128-CTR is not defined by the IETF, but by NIST in SP800-38A. +/// (https://csrc.nist.gov/publications/detail/sp/800-38a/final) The test vectors in this standard +/// are 16 bytes. const IV_SIZE: usize = 16; /// The byte size of a SHA256 hash. const HASH_SIZE: usize = 32; @@ -66,6 +73,8 @@ pub struct KeystoreBuilder<'a> { impl<'a> KeystoreBuilder<'a> { /// Creates a new builder. /// + /// Generates the KDF `salt` and AES `IV` using `rand::thread_rng()`. + /// /// ## Errors /// /// Returns `Error::EmptyPassword` if `password == ""`. @@ -241,7 +250,7 @@ impl Keystore { serde_json::to_string(self).map_err(|e| Error::UnableToSerialize(format!("{}", e))) } - /// Returns `self` encoded as a JSON object. + /// Returns `self` from an encoded JSON object. pub fn from_json_str(json_string: &str) -> Result { serde_json::from_str(json_string).map_err(|e| Error::InvalidJson(format!("{}", e))) } From 6a14a5161f2ef55f4f59d1f3ab1b9357d7d7fdca Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 12:15:53 +1000 Subject: [PATCH 48/63] Test path and uuid in vectors --- eth2/utils/eth2_keystore/src/keystore.rs | 7 +++ .../eth2_keystore/tests/eip2335_vectors.rs | 53 +++++++++++++------ 2 files changed, 44 insertions(+), 16 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index 4a7b900f82e..da78c3720b0 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -245,6 +245,13 @@ impl Keystore { &self.json.uuid } + /// Returns the path for the keystore. + /// + /// Note: the path is not validated, it is simply whatever string the keystore provided. + pub fn path(&self) -> &str { + &self.json.path + } + /// Encodes `self` as a JSON object. pub fn to_json_string(&self) -> Result { serde_json::to_string(self).map_err(|e| Error::UnableToSerialize(format!("{}", e))) diff --git a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs index cb70554890c..215657a659e 100644 --- a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs +++ b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs @@ -1,15 +1,25 @@ +//! Test cases taken from: +//! +//! https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases + #![cfg(test)] -use eth2_keystore::{Keystore, Password}; +use eth2_keystore::{Keystore, Uuid}; + +const EXPECTED_SECRET: &str = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; +const PASSWORD: &str = "testpassword"; + +pub fn decode_and_check_sk(json: &str) -> Keystore { + let keystore = Keystore::from_json_str(json).expect("should decode keystore json"); + let expected_sk = hex::decode(EXPECTED_SECRET).unwrap(); + let keypair = keystore.decrypt_keypair(PASSWORD.into()).unwrap(); + assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk); + keystore +} -// Test cases taken from: -// -// https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases #[test] -fn eip2335_test_vectors() { - let expected_secret = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"; - let password: Password = "testpassword".into(); - let scrypt_test_vector = r#" +fn eip2335_test_vector_scrypt() { + let vector = r#" { "crypto": { "kdf": { @@ -43,7 +53,18 @@ fn eip2335_test_vectors() { } "#; - let pbkdf2_test_vector = r#" + let keystore = decode_and_check_sk(&vector); + assert_eq!( + *keystore.uuid(), + Uuid::parse_str("1d85ae20-35c5-4611-98e8-aa14a633906f").unwrap(), + "uuid" + ); + assert_eq!(keystore.path(), "", "path"); +} + +#[test] +fn eip2335_test_vector_pbkdf() { + let vector = r#" { "crypto": { "kdf": { @@ -76,11 +97,11 @@ fn eip2335_test_vectors() { } "#; - let test_vectors = vec![scrypt_test_vector, pbkdf2_test_vector]; - for test in test_vectors { - let keystore: Keystore = serde_json::from_str(test).unwrap(); - let keypair = keystore.decrypt_keypair(password.clone()).unwrap(); - let expected_sk = hex::decode(expected_secret).unwrap(); - assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk) - } + let keystore = decode_and_check_sk(&vector); + assert_eq!( + *keystore.uuid(), + Uuid::parse_str("64625def-3331-4eea-ab6f-782f3ed16a83").unwrap(), + "uuid" + ); + assert_eq!(keystore.path(), "m/12381/60/0/0", "path"); } From 3330b2b8f6e54cdc549ce52a6b52b0f82083d45e Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 12:16:57 +1000 Subject: [PATCH 49/63] Fix comment --- eth2/utils/eth2_keystore/tests/eip2335_vectors.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs index 215657a659e..fc91e592105 100644 --- a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs +++ b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs @@ -1,6 +1,6 @@ //! Test cases taken from: //! -//! https://github.com/CarlBeek/EIPs/blob/bls_keystore/EIPS/eip-2335.md#test-cases +//! https://eips.ethereum.org/EIPS/eip-2335 #![cfg(test)] From 75566c785a7fdc6decf47194e4256bfd4e12079a Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 12:46:08 +1000 Subject: [PATCH 50/63] Add checks for kdf params --- eth2/utils/eth2_keystore/src/keystore.rs | 37 +++- eth2/utils/eth2_keystore/tests/json.rs | 43 +++- eth2/utils/eth2_keystore/tests/params.rs | 252 +++++++++++++++++++++++ eth2/utils/eth2_keystore/tests/tests.rs | 25 +++ 4 files changed, 351 insertions(+), 6 deletions(-) create mode 100644 eth2/utils/eth2_keystore/tests/params.rs diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index da78c3720b0..172472ece98 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -57,6 +57,8 @@ pub enum Error { InvalidJson(String), WriteError(String), ReadError(String), + InvalidPbkdf2Param, + InvalidScryptParam, IncorrectIvSize { expected: usize, len: usize }, } @@ -136,7 +138,7 @@ impl Keystore { uuid: Uuid, path: String, ) -> Result { - let derived_key = derive_key(&password, &kdf); + let derived_key = derive_key(&password, &kdf)?; let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); @@ -190,7 +192,7 @@ impl Keystore { let cipher_message = &self.json.crypto.cipher.message; // Generate derived key - let derived_key = derive_key(&password, &self.json.crypto.kdf.params); + let derived_key = derive_key(&password, &self.json.crypto.kdf.params)?; // Mismatching checksum indicates an invalid password. if generate_checksum(&derived_key, cipher_message.as_bytes()) @@ -287,13 +289,25 @@ fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexByte } /// Derive a private key from the given `password` using the given `kdf` (key derivation function). -fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { +fn derive_key(password: &Password, kdf: &Kdf) -> Result { let mut dk = DerivedKey::zero(); match &kdf { Kdf::Pbkdf2(params) => { let mut mac = params.prf.mac(password.as_bytes()); + // RFC2898 declares that `c` must be a "positive integer" and the `crypto` crate panics + // if it is `0`. + // + // Both of these seem fairly convincing that it shouldn't be 0. + // + // Reference: + // + // https://www.ietf.org/rfc/rfc2898.txt + if params.c == 0 { + return Err(Error::InvalidPbkdf2Param); + } + crypto::pbkdf2::pbkdf2( &mut mac, params.salt.as_bytes(), @@ -302,9 +316,22 @@ fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { ); } Kdf::Scrypt(params) => { - // Assert that `n` is power of 2 + // Assert that `n` is power of 2. debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); + // RFC7914 declares that all these parameters must be greater than 1: + // + // - `N`: costParameter. + // - `r`: blockSize. + // - `p`: parallelizationParameter + // + // Reference: + // + // https://tools.ietf.org/html/rfc7914 + if params.n == 0 || params.r == 0 || params.p == 0 { + return Err(Error::InvalidScryptParam); + } + crypto::scrypt::scrypt( password.as_bytes(), params.salt.as_bytes(), @@ -314,7 +341,7 @@ fn derive_key(password: &Password, kdf: &Kdf) -> DerivedKey { } } - dk + Ok(dk) } /// Compute floor of log2 of a u32. diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs index cb38589c79b..50ffb84c75d 100644 --- a/eth2/utils/eth2_keystore/tests/json.rs +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -6,7 +6,7 @@ use eth2_keystore::{Error, Keystore}; /// /// If this test doesn't pass then it all previous tests are unreliable. #[test] -fn reference_scrypt() { +fn scrypt_reference() { let vector = r#" { "crypto": { @@ -44,6 +44,47 @@ fn reference_scrypt() { assert!(Keystore::from_json_str(&vector).is_ok()); } +#[test] +fn pbkdf2_reference() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 32, + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3", + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + #[test] fn additional_top_level_key() { let vector = r#" diff --git a/eth2/utils/eth2_keystore/tests/params.rs b/eth2/utils/eth2_keystore/tests/params.rs new file mode 100644 index 00000000000..8066e3ae377 --- /dev/null +++ b/eth2/utils/eth2_keystore/tests/params.rs @@ -0,0 +1,252 @@ +#![cfg(test)] + +use eth2_keystore::{Error, Keystore}; + +const PASSWORD: &str = "testpassword"; + +fn decrypt_error(vector: &str) -> Error { + Keystore::from_json_str(&vector) + .unwrap() + .decrypt_keypair(PASSWORD.into()) + .err() + .unwrap() +} + +fn assert_decrypts(vector: &str) { + Keystore::from_json_str(&vector) + .unwrap() + .decrypt_keypair(PASSWORD.into()) + .unwrap(); +} + +#[test] +fn scrypt_zero_n() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 0, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_eq!(decrypt_error(vector), Error::InvalidScryptParam); +} + +#[test] +fn scrypt_zero_p() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 0, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_eq!(decrypt_error(vector), Error::InvalidScryptParam); +} + +#[test] +fn scrypt_zero_r() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 0, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_eq!(decrypt_error(vector), Error::InvalidScryptParam); +} + +#[test] +fn scrypt_zero_dklen() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 0, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_decrypts(vector) +} + +#[test] +fn pbkdf2_zero_c() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 32, + "c": 0, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + assert_eq!(decrypt_error(vector), Error::InvalidPbkdf2Param); +} + +#[test] +fn pbkdf2_zero_dken() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 0, + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + assert_decrypts(vector) +} diff --git a/eth2/utils/eth2_keystore/tests/tests.rs b/eth2/utils/eth2_keystore/tests/tests.rs index e19b2f100d0..06e245be180 100644 --- a/eth2/utils/eth2_keystore/tests/tests.rs +++ b/eth2/utils/eth2_keystore/tests/tests.rs @@ -86,3 +86,28 @@ fn file() { "should decrypt with good password" ); } + +#[test] +fn scrypt_params() { + let keypair = Keypair::random(); + + let keystore = KeystoreBuilder::new(&keypair, good_password(), "".into()) + .unwrap() + .build() + .unwrap(); + + let json = keystore.to_json_string().unwrap(); + let decoded = Keystore::from_json_str(&json).unwrap(); + + assert_eq!( + decoded.decrypt_keypair(bad_password()).err().unwrap(), + Error::InvalidPassword, + "should not decrypt with bad password" + ); + + assert_eq!( + decoded.decrypt_keypair(good_password()).unwrap(), + keypair, + "should decrypt with good password" + ); +} From 5d7bd3f788905c9f0aaa6edf9f929d4ed0aacaa2 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 12:54:26 +1000 Subject: [PATCH 51/63] Enforce empty kdf message --- .../src/json_keystore/hex_bytes.rs | 4 -- .../src/json_keystore/kdf_module.rs | 24 ++++++++++- .../eth2_keystore/src/json_keystore/mod.rs | 2 +- eth2/utils/eth2_keystore/src/keystore.rs | 6 +-- eth2/utils/eth2_keystore/tests/json.rs | 42 +++++++++++++++++++ 5 files changed, 69 insertions(+), 9 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs index dfa03d84885..92d8d16b29b 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/hex_bytes.rs @@ -7,10 +7,6 @@ use std::convert::TryFrom; pub struct HexBytes(Vec); impl HexBytes { - pub fn empty() -> Self { - Self(vec![]) - } - pub fn as_bytes(&self) -> &[u8] { &self.0 } diff --git a/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs b/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs index 80430ecf35a..1a595c45cfb 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/kdf_module.rs @@ -15,7 +15,29 @@ use std::convert::TryFrom; pub struct KdfModule { pub function: KdfFunction, pub params: Kdf, - pub message: HexBytes, + pub message: EmptyString, +} + +/// Used for ensuring serde only decodes an empty string. +#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] +#[serde(try_from = "String", into = "String")] +pub struct EmptyString; + +impl Into for EmptyString { + fn into(self) -> String { + "".into() + } +} + +impl TryFrom for EmptyString { + type Error = &'static str; + + fn try_from(s: String) -> Result { + match s.as_ref() { + "" => Ok(Self), + _ => Err("kdf message must be empty"), + } + } } #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] diff --git a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs index 0ebfad01f7e..3706082eaa6 100644 --- a/eth2/utils/eth2_keystore/src/json_keystore/mod.rs +++ b/eth2/utils/eth2_keystore/src/json_keystore/mod.rs @@ -12,7 +12,7 @@ mod kdf_module; pub use checksum_module::{ChecksumModule, EmptyMap, Sha256Checksum}; pub use cipher_module::{Aes128Ctr, Cipher, CipherModule}; pub use hex_bytes::HexBytes; -pub use kdf_module::{Kdf, KdfModule, Pbkdf2, Prf, Scrypt}; +pub use kdf_module::{EmptyString, Kdf, KdfModule, Pbkdf2, Prf, Scrypt}; pub use uuid::Uuid; use serde::{Deserialize, Serialize}; diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index 172472ece98..ec96f81aa39 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -3,8 +3,8 @@ use crate::derived_key::DerivedKey; use crate::json_keystore::{ - Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, HexBytes, JsonKeystore, Kdf, - KdfModule, Scrypt, Sha256Checksum, Version, + Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, EmptyString, HexBytes, + JsonKeystore, Kdf, KdfModule, Scrypt, Sha256Checksum, Version, }; use crate::plain_text::PlainText; use crate::Password; @@ -161,7 +161,7 @@ impl Keystore { kdf: KdfModule { function: kdf.function(), params: kdf, - message: HexBytes::empty(), + message: EmptyString, }, checksum: ChecksumModule { function: Sha256Checksum::function(), diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs index 50ffb84c75d..694e4de172e 100644 --- a/eth2/utils/eth2_keystore/tests/json.rs +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -600,6 +600,48 @@ fn checksum_params() { } } +#[test] +fn kdf_message() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 32, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "1" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + match Keystore::from_json_str(&vector) { + Err(Error::InvalidJson(_)) => {} + _ => panic!("expected invalid json error"), + } +} + #[test] fn cipher_function() { let vector = r#" From b02951e7340e9122af629b08f158c7c59e16c0c8 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 16:13:17 +1000 Subject: [PATCH 52/63] Expose json_keystore mod --- eth2/utils/eth2_keystore/src/lib.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index e907a656077..36728103eb2 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -2,11 +2,12 @@ //! [EIP-2335](https://eips.ethereum.org/EIPS/eip-2335). mod derived_key; -mod json_keystore; mod keystore; mod password; mod plain_text; +pub mod json_keystore; + pub use keystore::{Error, Keystore, KeystoreBuilder}; pub use password::Password; pub use uuid::Uuid; From 702d0098fa602b310fe24d3a3a061210f044896a Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 17:16:26 +1000 Subject: [PATCH 53/63] Split out encrypt/decrypt --- eth2/utils/eth2_keystore/src/keystore.rs | 129 ++++++++++++++--------- eth2/utils/eth2_keystore/src/lib.rs | 2 +- 2 files changed, 80 insertions(+), 51 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index ec96f81aa39..5ed24825efc 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -3,8 +3,8 @@ use crate::derived_key::DerivedKey; use crate::json_keystore::{ - Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, EmptyString, HexBytes, - JsonKeystore, Kdf, KdfModule, Scrypt, Sha256Checksum, Version, + Aes128Ctr, ChecksumModule, Cipher, CipherModule, Crypto, EmptyMap, EmptyString, JsonKeystore, + Kdf, KdfModule, Scrypt, Sha256Checksum, Version, }; use crate::plain_text::PlainText; use crate::Password; @@ -138,22 +138,9 @@ impl Keystore { uuid: Uuid, path: String, ) -> Result { - let derived_key = derive_key(&password, &kdf)?; - let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); - // Encrypt secret. - let mut cipher_text = vec![0; secret.len()]; - match &cipher { - Cipher::Aes128Ctr(params) => { - crypto::aes::ctr( - crypto::aes::KeySize::KeySize128, - &derived_key.as_bytes()[0..16], - params.iv.as_bytes(), - ) - .process(secret.as_bytes(), &mut cipher_text); - } - }; + let (cipher_text, checksum) = encrypt(&secret, &password, &kdf, &cipher)?; Ok(Keystore { json: JsonKeystore { @@ -166,7 +153,7 @@ impl Keystore { checksum: ChecksumModule { function: Sha256Checksum::function(), params: EmptyMap, - message: generate_checksum(&derived_key, &cipher_text), + message: checksum.to_vec().into(), }, cipher: CipherModule { function: cipher.function(), @@ -189,35 +176,7 @@ impl Keystore { /// - The provided password is incorrect. /// - The keystore is badly formed. pub fn decrypt_keypair(&self, password: Password) -> Result { - let cipher_message = &self.json.crypto.cipher.message; - - // Generate derived key - let derived_key = derive_key(&password, &self.json.crypto.kdf.params)?; - - // Mismatching checksum indicates an invalid password. - if generate_checksum(&derived_key, cipher_message.as_bytes()) - != self.json.crypto.checksum.message - { - return Err(Error::InvalidPassword); - } - - let mut plain_text = PlainText::zero(cipher_message.len()); - match &self.json.crypto.cipher.params { - Cipher::Aes128Ctr(params) => { - crypto::aes::ctr( - crypto::aes::KeySize::KeySize128, - &derived_key.as_bytes()[0..16], - // NOTE: we do not check the size of the `iv` as there is no guidance about - // this on EIP-2335. - // - // Reference: - // - // - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 - params.iv.as_bytes(), - ) - .process(cipher_message.as_bytes(), plain_text.as_mut_bytes()); - } - }; + let plain_text = decrypt(&password, &self.json.crypto)?; // Verify that secret key material is correct length. if plain_text.len() != SECRET_KEY_LEN { @@ -275,17 +234,87 @@ impl Keystore { } } +/// Returns `(cipher_text, checksum)` for the given `plain_text` encrypted with `Cipher` using a +/// key derived from `password` via the `Kdf` (key derivation function). +/// +/// ## Errors +/// +/// - The `kdf` is badly formed (e.g., has some values set to zero). +pub fn encrypt( + plain_text: &PlainText, + password: &Password, + kdf: &Kdf, + cipher: &Cipher, +) -> Result<(Vec, [u8; HASH_SIZE]), Error> { + let derived_key = derive_key(&password, &kdf)?; + + // Encrypt secret. + let mut cipher_text = vec![0; plain_text.len()]; + match &cipher { + Cipher::Aes128Ctr(params) => { + crypto::aes::ctr( + crypto::aes::KeySize::KeySize128, + &derived_key.as_bytes()[0..16], + params.iv.as_bytes(), + ) + .process(plain_text.as_bytes(), &mut cipher_text); + } + }; + + let checksum = generate_checksum(&derived_key, &cipher_text); + + Ok((cipher_text, checksum)) +} + +/// Regenerate some `plain_text` from the given `password` and `crypto`. +/// +/// ## Errors +/// +/// - The provided password is incorrect. +/// - The `crypto.kdf` is badly formed (e.g., has some values set to zero). +pub fn decrypt(password: &Password, crypto: &Crypto) -> Result { + let cipher_message = &crypto.cipher.message; + + // Generate derived key + let derived_key = derive_key(&password, &crypto.kdf.params)?; + + // Mismatching checksum indicates an invalid password. + if &generate_checksum(&derived_key, cipher_message.as_bytes())[..] + != crypto.checksum.message.as_bytes() + { + return Err(Error::InvalidPassword); + } + + let mut plain_text = PlainText::zero(cipher_message.len()); + match &crypto.cipher.params { + Cipher::Aes128Ctr(params) => { + crypto::aes::ctr( + crypto::aes::KeySize::KeySize128, + &derived_key.as_bytes()[0..16], + // NOTE: we do not check the size of the `iv` as there is no guidance about + // this on EIP-2335. + // + // Reference: + // + // - https://github.com/ethereum/EIPs/issues/2339#issuecomment-623865023 + params.iv.as_bytes(), + ) + .process(cipher_message.as_bytes(), plain_text.as_mut_bytes()); + } + }; + Ok(plain_text) +} + /// Generates a checksum to indicate that the `derived_key` is associated with the /// `cipher_message`. -fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> HexBytes { +fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> [u8; HASH_SIZE] { let mut hasher = Sha256::new(); hasher.input(&derived_key.as_bytes()[16..32]); hasher.input(cipher_message); - let mut digest = vec![0; HASH_SIZE]; + let mut digest = [0; HASH_SIZE]; hasher.result(&mut digest); - - digest.into() + digest } /// Derive a private key from the given `password` using the given `kdf` (key derivation function). diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 36728103eb2..56174762158 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -8,6 +8,6 @@ mod plain_text; pub mod json_keystore; -pub use keystore::{Error, Keystore, KeystoreBuilder}; +pub use keystore::{decrypt, encrypt, Error, Keystore, KeystoreBuilder}; pub use password::Password; pub use uuid::Uuid; From 908be4a2685e5c3173c4be46f7e579936bff9421 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 17:56:39 +1000 Subject: [PATCH 54/63] Replace some password usage with slice --- eth2/utils/eth2_keystore/src/keystore.rs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index 5ed24825efc..ef7e07f2d75 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -109,7 +109,7 @@ impl<'a> KeystoreBuilder<'a> { pub fn build(self) -> Result { Keystore::encrypt( self.keypair, - self.password, + self.password.as_bytes(), self.kdf, self.cipher, self.uuid, @@ -132,7 +132,7 @@ impl Keystore { /// keypair and password. fn encrypt( keypair: &Keypair, - password: Password, + password: &[u8], kdf: Kdf, cipher: Cipher, uuid: Uuid, @@ -140,7 +140,7 @@ impl Keystore { ) -> Result { let secret = PlainText::from(keypair.sk.as_raw().as_bytes()); - let (cipher_text, checksum) = encrypt(&secret, &password, &kdf, &cipher)?; + let (cipher_text, checksum) = encrypt(secret.as_bytes(), password, &kdf, &cipher)?; Ok(Keystore { json: JsonKeystore { @@ -176,7 +176,7 @@ impl Keystore { /// - The provided password is incorrect. /// - The keystore is badly formed. pub fn decrypt_keypair(&self, password: Password) -> Result { - let plain_text = decrypt(&password, &self.json.crypto)?; + let plain_text = decrypt(password.as_bytes(), &self.json.crypto)?; // Verify that secret key material is correct length. if plain_text.len() != SECRET_KEY_LEN { @@ -241,8 +241,8 @@ impl Keystore { /// /// - The `kdf` is badly formed (e.g., has some values set to zero). pub fn encrypt( - plain_text: &PlainText, - password: &Password, + plain_text: &[u8], + password: &[u8], kdf: &Kdf, cipher: &Cipher, ) -> Result<(Vec, [u8; HASH_SIZE]), Error> { @@ -257,7 +257,7 @@ pub fn encrypt( &derived_key.as_bytes()[0..16], params.iv.as_bytes(), ) - .process(plain_text.as_bytes(), &mut cipher_text); + .process(plain_text, &mut cipher_text); } }; @@ -272,11 +272,11 @@ pub fn encrypt( /// /// - The provided password is incorrect. /// - The `crypto.kdf` is badly formed (e.g., has some values set to zero). -pub fn decrypt(password: &Password, crypto: &Crypto) -> Result { +pub fn decrypt(password: &[u8], crypto: &Crypto) -> Result { let cipher_message = &crypto.cipher.message; // Generate derived key - let derived_key = derive_key(&password, &crypto.kdf.params)?; + let derived_key = derive_key(password, &crypto.kdf.params)?; // Mismatching checksum indicates an invalid password. if &generate_checksum(&derived_key, cipher_message.as_bytes())[..] @@ -318,12 +318,12 @@ fn generate_checksum(derived_key: &DerivedKey, cipher_message: &[u8]) -> [u8; HA } /// Derive a private key from the given `password` using the given `kdf` (key derivation function). -fn derive_key(password: &Password, kdf: &Kdf) -> Result { +fn derive_key(password: &[u8], kdf: &Kdf) -> Result { let mut dk = DerivedKey::zero(); match &kdf { Kdf::Pbkdf2(params) => { - let mut mac = params.prf.mac(password.as_bytes()); + let mut mac = params.prf.mac(password); // RFC2898 declares that `c` must be a "positive integer" and the `crypto` crate panics // if it is `0`. @@ -362,7 +362,7 @@ fn derive_key(password: &Password, kdf: &Kdf) -> Result { } crypto::scrypt::scrypt( - password.as_bytes(), + password, params.salt.as_bytes(), &crypto::scrypt::ScryptParams::new(log2_int(params.n) as u8, params.r, params.p), dk.as_mut_bytes(), From f1698e3c40f3d117f214ca2c8160f77ad1ae54ae Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 18:12:37 +1000 Subject: [PATCH 55/63] Expose PlainText struct --- eth2/utils/eth2_keystore/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 56174762158..3ecd38e0d4b 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -10,4 +10,5 @@ pub mod json_keystore; pub use keystore::{decrypt, encrypt, Error, Keystore, KeystoreBuilder}; pub use password::Password; +pub use plain_text::PlainText; pub use uuid::Uuid; From e43eb83def8e9ac810e0f3ef0725b0840be887c9 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 18:34:31 +1000 Subject: [PATCH 56/63] Expose consts, remove Password --- eth2/utils/eth2_keystore/src/keystore.rs | 41 +++++++++++-------- eth2/utils/eth2_keystore/src/lib.rs | 6 +-- eth2/utils/eth2_keystore/src/password.rs | 30 -------------- .../eth2_keystore/tests/eip2335_vectors.rs | 2 +- eth2/utils/eth2_keystore/tests/json.rs | 2 +- eth2/utils/eth2_keystore/tests/params.rs | 4 +- eth2/utils/eth2_keystore/tests/tests.rs | 31 ++++++-------- 7 files changed, 43 insertions(+), 73 deletions(-) delete mode 100644 eth2/utils/eth2_keystore/src/password.rs diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index ef7e07f2d75..fd6f0908dc8 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -7,7 +7,6 @@ use crate::json_keystore::{ Kdf, KdfModule, Scrypt, Sha256Checksum, Version, }; use crate::plain_text::PlainText; -use crate::Password; use crate::Uuid; use bls::{Keypair, PublicKey, SecretKey}; use crypto::{digest::Digest, sha2::Sha256}; @@ -24,7 +23,7 @@ const SECRET_KEY_LEN: usize = 32; /// [pbkdf2](https://www.ietf.org/rfc/rfc2898.txt) or [scrypt](https://tools.ietf.org/html/rfc7914) /// make a clear statement about what size it should be, however 32-bytes certainly seems /// reasonable and larger than the EITF examples. -const SALT_SIZE: usize = 32; +pub const SALT_SIZE: usize = 32; /// The length of the derived key. pub const DKLEN: u32 = 32; /// Size of the IV (initialization vector) used for aes-128-ctr encryption of private key material. @@ -42,9 +41,9 @@ pub const DKLEN: u32 = 32; /// As far as I know, AES-128-CTR is not defined by the IETF, but by NIST in SP800-38A. /// (https://csrc.nist.gov/publications/detail/sp/800-38a/final) The test vectors in this standard /// are 16 bytes. -const IV_SIZE: usize = 16; +pub const IV_SIZE: usize = 16; /// The byte size of a SHA256 hash. -const HASH_SIZE: usize = 32; +pub const HASH_SIZE: usize = 32; #[derive(Debug, PartialEq)] pub enum Error { @@ -65,7 +64,7 @@ pub enum Error { /// Constructs a `Keystore`. pub struct KeystoreBuilder<'a> { keypair: &'a Keypair, - password: Password, + password: &'a [u8], kdf: Kdf, cipher: Cipher, uuid: Uuid, @@ -80,8 +79,8 @@ impl<'a> KeystoreBuilder<'a> { /// ## Errors /// /// Returns `Error::EmptyPassword` if `password == ""`. - pub fn new(keypair: &'a Keypair, password: Password, path: String) -> Result { - if password.as_str() == "" { + pub fn new(keypair: &'a Keypair, password: &'a [u8], path: String) -> Result { + if password.is_empty() { Err(Error::EmptyPassword) } else { let salt = rand::thread_rng().gen::<[u8; SALT_SIZE]>(); @@ -90,14 +89,7 @@ impl<'a> KeystoreBuilder<'a> { Ok(Self { keypair, password, - // Using scrypt as the default algorithm due to its memory hardness properties. - kdf: Kdf::Scrypt(Scrypt { - dklen: DKLEN, - n: 262144, - p: 1, - r: 8, - salt: salt.to_vec().into(), - }), + kdf: default_kdf(salt.to_vec()), cipher: Cipher::Aes128Ctr(Aes128Ctr { iv }), uuid: Uuid::new_v4(), path, @@ -109,7 +101,7 @@ impl<'a> KeystoreBuilder<'a> { pub fn build(self) -> Result { Keystore::encrypt( self.keypair, - self.password.as_bytes(), + self.password, self.kdf, self.cipher, self.uuid, @@ -175,8 +167,8 @@ impl Keystore { /// /// - The provided password is incorrect. /// - The keystore is badly formed. - pub fn decrypt_keypair(&self, password: Password) -> Result { - let plain_text = decrypt(password.as_bytes(), &self.json.crypto)?; + pub fn decrypt_keypair(&self, password: &[u8]) -> Result { + let plain_text = decrypt(password, &self.json.crypto)?; // Verify that secret key material is correct length. if plain_text.len() != SECRET_KEY_LEN { @@ -234,6 +226,19 @@ impl Keystore { } } +/// Returns `Kdf` used by default when creating keystores. +/// +/// Currently this is set to scrypt due to its memory hardness properties. +pub fn default_kdf(salt: Vec) -> Kdf { + Kdf::Scrypt(Scrypt { + dklen: DKLEN, + n: 262144, + p: 1, + r: 8, + salt: salt.into(), + }) +} + /// Returns `(cipher_text, checksum)` for the given `plain_text` encrypted with `Cipher` using a /// key derived from `password` via the `Kdf` (key derivation function). /// diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index 3ecd38e0d4b..c3b6ba6e2a4 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -3,12 +3,12 @@ mod derived_key; mod keystore; -mod password; mod plain_text; pub mod json_keystore; -pub use keystore::{decrypt, encrypt, Error, Keystore, KeystoreBuilder}; -pub use password::Password; +pub use keystore::{ + decrypt, default_kdf, encrypt, Error, Keystore, KeystoreBuilder, DKLEN, HASH_SIZE, IV_SIZE, +}; pub use plain_text::PlainText; pub use uuid::Uuid; diff --git a/eth2/utils/eth2_keystore/src/password.rs b/eth2/utils/eth2_keystore/src/password.rs deleted file mode 100644 index d616d5054b3..00000000000 --- a/eth2/utils/eth2_keystore/src/password.rs +++ /dev/null @@ -1,30 +0,0 @@ -use zeroize::Zeroize; - -/// Provides a wrapper around `String` that implements `Zeroize`. -#[derive(Zeroize, Clone, PartialEq)] -#[zeroize(drop)] -pub struct Password(String); - -impl Password { - /// Returns a reference to the underlying `String`. - pub fn as_str(&self) -> &str { - self.0.as_str() - } - - /// Returns a reference to the underlying `String`, as bytes. - pub fn as_bytes(&self) -> &[u8] { - self.0.as_str().as_bytes() - } -} - -impl From for Password { - fn from(s: String) -> Password { - Password(s) - } -} - -impl<'a> From<&'a str> for Password { - fn from(s: &'a str) -> Password { - Password::from(String::from(s)) - } -} diff --git a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs index fc91e592105..fee3c37b72a 100644 --- a/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs +++ b/eth2/utils/eth2_keystore/tests/eip2335_vectors.rs @@ -12,7 +12,7 @@ const PASSWORD: &str = "testpassword"; pub fn decode_and_check_sk(json: &str) -> Keystore { let keystore = Keystore::from_json_str(json).expect("should decode keystore json"); let expected_sk = hex::decode(EXPECTED_SECRET).unwrap(); - let keypair = keystore.decrypt_keypair(PASSWORD.into()).unwrap(); + let keypair = keystore.decrypt_keypair(PASSWORD.as_bytes()).unwrap(); assert_eq!(keypair.sk.as_raw().as_bytes(), expected_sk); keystore } diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs index 694e4de172e..1dec893afdd 100644 --- a/eth2/utils/eth2_keystore/tests/json.rs +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -381,7 +381,7 @@ fn json_bad_checksum() { assert_eq!( Keystore::from_json_str(&vector) .unwrap() - .decrypt_keypair("testpassword".into()) + .decrypt_keypair("testpassword".as_bytes()) .err() .unwrap(), Error::InvalidPassword diff --git a/eth2/utils/eth2_keystore/tests/params.rs b/eth2/utils/eth2_keystore/tests/params.rs index 8066e3ae377..9df536d05c7 100644 --- a/eth2/utils/eth2_keystore/tests/params.rs +++ b/eth2/utils/eth2_keystore/tests/params.rs @@ -7,7 +7,7 @@ const PASSWORD: &str = "testpassword"; fn decrypt_error(vector: &str) -> Error { Keystore::from_json_str(&vector) .unwrap() - .decrypt_keypair(PASSWORD.into()) + .decrypt_keypair(PASSWORD.as_bytes()) .err() .unwrap() } @@ -15,7 +15,7 @@ fn decrypt_error(vector: &str) -> Error { fn assert_decrypts(vector: &str) { Keystore::from_json_str(&vector) .unwrap() - .decrypt_keypair(PASSWORD.into()) + .decrypt_keypair(PASSWORD.as_bytes()) .unwrap(); } diff --git a/eth2/utils/eth2_keystore/tests/tests.rs b/eth2/utils/eth2_keystore/tests/tests.rs index 06e245be180..8c94a9f5e0b 100644 --- a/eth2/utils/eth2_keystore/tests/tests.rs +++ b/eth2/utils/eth2_keystore/tests/tests.rs @@ -1,22 +1,17 @@ #![cfg(test)] use bls::Keypair; -use eth2_keystore::{Error, Keystore, KeystoreBuilder, Password}; +use eth2_keystore::{Error, Keystore, KeystoreBuilder}; use std::fs::OpenOptions; use tempfile::tempdir; -fn good_password() -> Password { - "ilikecats".to_string().into() -} - -fn bad_password() -> Password { - "idontlikecats".to_string().into() -} +const GOOD_PASSWORD: &[u8] = &[42, 42, 42]; +const BAD_PASSWORD: &[u8] = &[43, 43, 43]; #[test] fn empty_password() { assert_eq!( - KeystoreBuilder::new(&Keypair::random(), "".into(), "".into()) + KeystoreBuilder::new(&Keypair::random(), "".as_bytes(), "".into()) .err() .unwrap(), Error::EmptyPassword @@ -27,7 +22,7 @@ fn empty_password() { fn string_round_trip() { let keypair = Keypair::random(); - let keystore = KeystoreBuilder::new(&keypair, good_password(), "".into()) + let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into()) .unwrap() .build() .unwrap(); @@ -36,13 +31,13 @@ fn string_round_trip() { let decoded = Keystore::from_json_str(&json).unwrap(); assert_eq!( - decoded.decrypt_keypair(bad_password()).err().unwrap(), + decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(), Error::InvalidPassword, "should not decrypt with bad password" ); assert_eq!( - decoded.decrypt_keypair(good_password()).unwrap(), + decoded.decrypt_keypair(GOOD_PASSWORD).unwrap(), keypair, "should decrypt with good password" ); @@ -63,7 +58,7 @@ fn file() { .expect("should create file") }; - let keystore = KeystoreBuilder::new(&keypair, good_password(), "".into()) + let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into()) .unwrap() .build() .unwrap(); @@ -75,13 +70,13 @@ fn file() { let decoded = Keystore::from_json_reader(&mut get_file()).expect("should read from file"); assert_eq!( - decoded.decrypt_keypair(bad_password()).err().unwrap(), + decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(), Error::InvalidPassword, "should not decrypt with bad password" ); assert_eq!( - decoded.decrypt_keypair(good_password()).unwrap(), + decoded.decrypt_keypair(GOOD_PASSWORD).unwrap(), keypair, "should decrypt with good password" ); @@ -91,7 +86,7 @@ fn file() { fn scrypt_params() { let keypair = Keypair::random(); - let keystore = KeystoreBuilder::new(&keypair, good_password(), "".into()) + let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into()) .unwrap() .build() .unwrap(); @@ -100,13 +95,13 @@ fn scrypt_params() { let decoded = Keystore::from_json_str(&json).unwrap(); assert_eq!( - decoded.decrypt_keypair(bad_password()).err().unwrap(), + decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(), Error::InvalidPassword, "should not decrypt with bad password" ); assert_eq!( - decoded.decrypt_keypair(good_password()).unwrap(), + decoded.decrypt_keypair(GOOD_PASSWORD).unwrap(), keypair, "should decrypt with good password" ); From 443e26f59a7c44f4d5dc718a91d989377dd2e211 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Thu, 7 May 2020 18:39:46 +1000 Subject: [PATCH 57/63] Expose SALT_SIZE --- eth2/utils/eth2_keystore/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/eth2/utils/eth2_keystore/src/lib.rs b/eth2/utils/eth2_keystore/src/lib.rs index c3b6ba6e2a4..ad536685310 100644 --- a/eth2/utils/eth2_keystore/src/lib.rs +++ b/eth2/utils/eth2_keystore/src/lib.rs @@ -9,6 +9,7 @@ pub mod json_keystore; pub use keystore::{ decrypt, default_kdf, encrypt, Error, Keystore, KeystoreBuilder, DKLEN, HASH_SIZE, IV_SIZE, + SALT_SIZE, }; pub use plain_text::PlainText; pub use uuid::Uuid; From b7f722bfb57f88003bf5232049f9d189088c327f Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Fri, 8 May 2020 08:40:02 +1000 Subject: [PATCH 58/63] Move dbg assert statement --- eth2/utils/eth2_keystore/src/keystore.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index fd6f0908dc8..de3577d9316 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -350,9 +350,6 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result { ); } Kdf::Scrypt(params) => { - // Assert that `n` is power of 2. - debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); - // RFC7914 declares that all these parameters must be greater than 1: // // - `N`: costParameter. @@ -366,6 +363,9 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result { return Err(Error::InvalidScryptParam); } + // Assert that `n` is power of 2. + debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); + crypto::scrypt::scrypt( password, params.salt.as_bytes(), From 2b22e1c4baf643a14355b294853624308ac8b800 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 11 May 2020 15:51:58 +1000 Subject: [PATCH 59/63] Fix dodgy json test --- eth2/utils/eth2_keystore/tests/json.rs | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/eth2/utils/eth2_keystore/tests/json.rs b/eth2/utils/eth2_keystore/tests/json.rs index 1dec893afdd..4484c425453 100644 --- a/eth2/utils/eth2_keystore/tests/json.rs +++ b/eth2/utils/eth2_keystore/tests/json.rs @@ -55,7 +55,7 @@ fn pbkdf2_reference() { "dklen": 32, "c": 262144, "prf": "hmac-sha256", - "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" }, "message": "" }, @@ -79,10 +79,7 @@ fn pbkdf2_reference() { } "#; - match Keystore::from_json_str(&vector) { - Err(Error::InvalidJson(_)) => {} - _ => panic!("expected invalid json error"), - } + assert!(Keystore::from_json_str(&vector).is_ok()); } #[test] From b21ef2c0deff61b400867a3b8851e95a6f8fdea8 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 11 May 2020 15:53:50 +1000 Subject: [PATCH 60/63] Protect against n == 1 --- eth2/utils/eth2_keystore/src/keystore.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index de3577d9316..0951f3f9c62 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -359,7 +359,9 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result { // Reference: // // https://tools.ietf.org/html/rfc7914 - if params.n == 0 || params.r == 0 || params.p == 0 { + // + // `params.n <= 1` is to protect against a not-power-of-two panic. + if params.n <= 1 || params.r == 0 || params.p == 0 { return Err(Error::InvalidScryptParam); } From 3f5ffceafb83ee472efd6ad54928fc0dd7212a31 Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 11 May 2020 15:59:09 +1000 Subject: [PATCH 61/63] Return error if n is not power of 2 --- eth2/utils/eth2_keystore/src/keystore.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index 0951f3f9c62..f0ff594c9da 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -365,8 +365,10 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result { return Err(Error::InvalidScryptParam); } - // Assert that `n` is power of 2. - debug_assert_eq!(params.n, 2u32.pow(log2_int(params.n))); + // Ensure that `n` is power of 2. + if params.n != 2u32.pow(log2_int(params.n)) { + return Err(Error::InvalidScryptParam); + } crypto::scrypt::scrypt( password, From a4d0925a3fdffa4f20897733462ff43ea07c252d Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 11 May 2020 16:07:52 +1000 Subject: [PATCH 62/63] Add dklen checks --- Cargo.lock | 71 +++++++++++++++++-- eth2/utils/eth2_keystore/src/keystore.rs | 10 ++- eth2/utils/eth2_keystore/tests/params.rs | 88 +++++++++++++++++++++--- 3 files changed, 152 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c17c29a3d2a..ad7148eb9dd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1296,6 +1296,23 @@ dependencies = [ "serde_yaml", ] +[[package]] +name = "eth2_keystore" +version = "0.1.0" +dependencies = [ + "bls", + "eth2_ssz", + "hex 0.3.2", + "rand 0.7.3", + "rust-crypto", + "serde", + "serde_json", + "serde_repr", + "tempfile", + "uuid 0.8.1", + "zeroize 1.1.0", +] + [[package]] name = "eth2_ssz" version = "0.1.2" @@ -3550,7 +3567,7 @@ dependencies = [ "tokio-threadpool", "tokio-timer 0.2.13", "url 1.7.2", - "uuid", + "uuid 0.7.4", "winreg", ] @@ -3650,6 +3667,19 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "rust-crypto" +version = "0.2.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f76d05d3993fd5f4af9434e8e436db163a12a9d40e1a58a726f27a01dfd12a2a" +dependencies = [ + "gcc", + "libc", + "rand 0.3.23", + "rustc-serialize", + "time", +] + [[package]] name = "rustc-demangle" version = "0.1.16" @@ -3662,6 +3692,12 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" +[[package]] +name = "rustc-serialize" +version = "0.3.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda" + [[package]] name = "rustc_version" version = "0.2.3" @@ -4199,9 +4235,9 @@ dependencies = [ name = "state_transition_vectors" version = "0.1.0" dependencies = [ - "eth2_ssz 0.1.2", - "state_processing 0.2.0", - "types 0.2.0", + "eth2_ssz", + "state_processing", + "types", ] [[package]] @@ -4983,6 +5019,16 @@ dependencies = [ "rand 0.6.5", ] +[[package]] +name = "uuid" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fde2f6a4bea1d6e007c4ad38c6839fa71cbb63b6dbf5b595aa38dc9b1093c11" +dependencies = [ + "rand 0.7.3", + "serde", +] + [[package]] name = "validator_client" version = "0.2.0" @@ -5424,7 +5470,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e68403b858b6af538b11614e62dfe9ab2facba9f13a0cafb974855cfb495ec95" dependencies = [ - "zeroize_derive", + "zeroize_derive 0.1.0", ] [[package]] @@ -5432,6 +5478,9 @@ name = "zeroize" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3cbac2ed2ba24cc90f5e06485ac8c7c1e5449fe8911aef4d8877218af021a5b8" +dependencies = [ + "zeroize_derive 1.0.0", +] [[package]] name = "zeroize_derive" @@ -5443,3 +5492,15 @@ dependencies = [ "quote 0.6.13", "syn 0.15.44", ] + +[[package]] +name = "zeroize_derive" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de251eec69fc7c1bc3923403d18ececb929380e016afe103da75f396704f8ca2" +dependencies = [ + "proc-macro2 1.0.12", + "quote 1.0.4", + "syn 1.0.19", + "synstructure", +] diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index f0ff594c9da..e36e0ce3dc7 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -338,7 +338,10 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result { // Reference: // // https://www.ietf.org/rfc/rfc2898.txt - if params.c == 0 { + // + // Additionally, we always compute a derived key of 32 bytes so reject anything that + // says otherwise. + if params.c == 0 || params.dklen != DKLEN { return Err(Error::InvalidPbkdf2Param); } @@ -360,8 +363,9 @@ fn derive_key(password: &[u8], kdf: &Kdf) -> Result { // // https://tools.ietf.org/html/rfc7914 // - // `params.n <= 1` is to protect against a not-power-of-two panic. - if params.n <= 1 || params.r == 0 || params.p == 0 { + // Additionally, we always compute a derived key of 32 bytes so reject anything that + // says otherwise. + if params.n <= 1 || params.r == 0 || params.p == 0 || params.dklen != DKLEN { return Err(Error::InvalidScryptParam); } diff --git a/eth2/utils/eth2_keystore/tests/params.rs b/eth2/utils/eth2_keystore/tests/params.rs index 9df536d05c7..71e37a1ed55 100644 --- a/eth2/utils/eth2_keystore/tests/params.rs +++ b/eth2/utils/eth2_keystore/tests/params.rs @@ -12,13 +12,6 @@ fn decrypt_error(vector: &str) -> Error { .unwrap() } -fn assert_decrypts(vector: &str) { - Keystore::from_json_str(&vector) - .unwrap() - .decrypt_keypair(PASSWORD.as_bytes()) - .unwrap(); -} - #[test] fn scrypt_zero_n() { let vector = r#" @@ -58,6 +51,45 @@ fn scrypt_zero_n() { assert_eq!(decrypt_error(vector), Error::InvalidScryptParam); } +#[test] +fn scrypt_dklen_not_32() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "scrypt", + "params": { + "dklen": 33, + "n": 262144, + "p": 1, + "r": 8, + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f", + "path": "", + "version": 4 + } + "#; + + assert_eq!(decrypt_error(vector), Error::InvalidScryptParam); +} + #[test] fn scrypt_zero_p() { let vector = r#" @@ -172,7 +204,7 @@ fn scrypt_zero_dklen() { } "#; - assert_decrypts(vector) + assert_eq!(decrypt_error(vector), Error::InvalidScryptParam); } #[test] @@ -248,5 +280,43 @@ fn pbkdf2_zero_dken() { } "#; - assert_decrypts(vector) + assert_eq!(decrypt_error(vector), Error::InvalidPbkdf2Param); +} + +#[test] +fn pbkdf2_dklen_not_32() { + let vector = r#" + { + "crypto": { + "kdf": { + "function": "pbkdf2", + "params": { + "dklen": 33, + "c": 262144, + "prf": "hmac-sha256", + "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3" + }, + "message": "" + }, + "checksum": { + "function": "sha256", + "params": {}, + "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8" + }, + "cipher": { + "function": "aes-128-ctr", + "params": { + "iv": "264daa3f303d7259501c93d997d84fe6" + }, + "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48" + } + }, + "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07", + "path": "m/12381/60/0/0", + "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83", + "version": 4 + } + "#; + + assert_eq!(decrypt_error(vector), Error::InvalidPbkdf2Param); } From 594c061a2a718119953633ffc94fb64328a20bba Mon Sep 17 00:00:00 2001 From: Paul Hauner Date: Mon, 11 May 2020 16:09:23 +1000 Subject: [PATCH 63/63] Add note about panics --- eth2/utils/eth2_keystore/src/keystore.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/eth2/utils/eth2_keystore/src/keystore.rs b/eth2/utils/eth2_keystore/src/keystore.rs index e36e0ce3dc7..2adb7a31d3d 100644 --- a/eth2/utils/eth2_keystore/src/keystore.rs +++ b/eth2/utils/eth2_keystore/src/keystore.rs @@ -167,6 +167,10 @@ impl Keystore { /// /// - The provided password is incorrect. /// - The keystore is badly formed. + /// + /// ## Panics + /// + /// May panic if provided unreasonable crypto parameters. pub fn decrypt_keypair(&self, password: &[u8]) -> Result { let plain_text = decrypt(password, &self.json.crypto)?;