+// Copyright 2017 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+package keystore

+

+import (

+ "bufio"

+ "encoding/json"

+ "fmt"

+ "os"

+ "path/filepath"

+ "sort"

+ "strings"

+ "sync"

+ "time"

+

+ "github.com/ava-labs/coreth/accounts"

+ "github.com/ava-labs/go-ethereum/common"

+ "github.com/ava-labs/go-ethereum/log"

+ mapset "github.com/deckarep/golang-set"

+)

+

+// Minimum amount of time between cache reloads. This limit applies if the platform does

+// not support change notifications. It also applies if the keystore directory does not

+// exist yet, the code will attempt to create a watcher at most this often.

+const minReloadInterval = 2 * time.Second

+

+type accountsByURL []accounts.Account

+

+func (s accountsByURL) Len() int { return len(s) }

+func (s accountsByURL) Less(i, j int) bool { return s[i].URL.Cmp(s[j].URL) < 0 }

+func (s accountsByURL) Swap(i, j int) { s[i], s[j] = s[j], s[i] }

+

+// AmbiguousAddrError is returned when attempting to unlock

+// an address for which more than one file exists.

+type AmbiguousAddrError struct {

+ Addr common.Address

+ Matches []accounts.Account

+}

+

+func (err *AmbiguousAddrError) Error() string {

+ files := ""

+ for i, a := range err.Matches {

+ files += a.URL.Path

+ if i < len(err.Matches)-1 {

+ files += ", "

+ }

+ }

+ return fmt.Sprintf("multiple keys match address (%s)", files)

+}

+

+// accountCache is a live index of all accounts in the keystore.

+type accountCache struct {

+ keydir string

+ watcher *watcher

+ mu sync.Mutex

+ all accountsByURL

+ byAddr map[common.Address][]accounts.Account

+ throttle *time.Timer

+ notify chan struct{}

+ fileC fileCache

+}

+

+func newAccountCache(keydir string) (*accountCache, chan struct{}) {

+ ac := &accountCache{

+ keydir: keydir,

+ byAddr: make(map[common.Address][]accounts.Account),

+ notify: make(chan struct{}, 1),

+ fileC: fileCache{all: mapset.NewThreadUnsafeSet()},

+ }

+ ac.watcher = newWatcher(ac)

+ return ac, ac.notify

+}

+

+func (ac *accountCache) accounts() []accounts.Account {

+ ac.maybeReload()

+ ac.mu.Lock()

+ defer ac.mu.Unlock()

+ cpy := make([]accounts.Account, len(ac.all))

+ copy(cpy, ac.all)

+ return cpy

+}

+

+func (ac *accountCache) hasAddress(addr common.Address) bool {

+ ac.maybeReload()

+ ac.mu.Lock()

+ defer ac.mu.Unlock()

+ return len(ac.byAddr[addr]) > 0

+}

+

+func (ac *accountCache) add(newAccount accounts.Account) {

+ ac.mu.Lock()

+ defer ac.mu.Unlock()

+

+ i := sort.Search(len(ac.all), func(i int) bool { return ac.all[i].URL.Cmp(newAccount.URL) >= 0 })

+ if i < len(ac.all) && ac.all[i] == newAccount {

+ return

+ }

+ // newAccount is not in the cache.

+ ac.all = append(ac.all, accounts.Account{})

+ copy(ac.all[i+1:], ac.all[i:])

+ ac.all[i] = newAccount

+ ac.byAddr[newAccount.Address] = append(ac.byAddr[newAccount.Address], newAccount)

+}

+

+// note: removed needs to be unique here (i.e. both File and Address must be set).

+func (ac *accountCache) delete(removed accounts.Account) {

+ ac.mu.Lock()

+ defer ac.mu.Unlock()

+

+ ac.all = removeAccount(ac.all, removed)

+ if ba := removeAccount(ac.byAddr[removed.Address], removed); len(ba) == 0 {

+ delete(ac.byAddr, removed.Address)

+ } else {

+ ac.byAddr[removed.Address] = ba

+ }

+}

+

+// deleteByFile removes an account referenced by the given path.

+func (ac *accountCache) deleteByFile(path string) {

+ ac.mu.Lock()

+ defer ac.mu.Unlock()

+ i := sort.Search(len(ac.all), func(i int) bool { return ac.all[i].URL.Path >= path })

+

+ if i < len(ac.all) && ac.all[i].URL.Path == path {

+ removed := ac.all[i]

+ ac.all = append(ac.all[:i], ac.all[i+1:]...)

+ if ba := removeAccount(ac.byAddr[removed.Address], removed); len(ba) == 0 {

+ delete(ac.byAddr, removed.Address)

+ } else {

+ ac.byAddr[removed.Address] = ba

+ }

+ }

+}

+

+func removeAccount(slice []accounts.Account, elem accounts.Account) []accounts.Account {

+ for i := range slice {

+ if slice[i] == elem {

+ return append(slice[:i], slice[i+1:]...)

+ }

+ }

+ return slice

+}

+

+// find returns the cached account for address if there is a unique match.

+// The exact matching rules are explained by the documentation of accounts.Account.

+// Callers must hold ac.mu.

+func (ac *accountCache) find(a accounts.Account) (accounts.Account, error) {

+ // Limit search to address candidates if possible.

+ matches := ac.all

+ if (a.Address != common.Address{}) {

+ matches = ac.byAddr[a.Address]

+ }

+ if a.URL.Path != "" {

+ // If only the basename is specified, complete the path.

+ if !strings.ContainsRune(a.URL.Path, filepath.Separator) {

+ a.URL.Path = filepath.Join(ac.keydir, a.URL.Path)

+ }

+ for i := range matches {

+ if matches[i].URL == a.URL {

+ return matches[i], nil

+ }

+ }

+ if (a.Address == common.Address{}) {

+ return accounts.Account{}, ErrNoMatch

+ }

+ }

+ switch len(matches) {

+ case 1:

+ return matches[0], nil

+ case 0:

+ return accounts.Account{}, ErrNoMatch

+ default:

+ err := &AmbiguousAddrError{Addr: a.Address, Matches: make([]accounts.Account, len(matches))}

+ copy(err.Matches, matches)

+ sort.Sort(accountsByURL(err.Matches))

+ return accounts.Account{}, err

+ }

+}

+

+func (ac *accountCache) maybeReload() {

+ ac.mu.Lock()

+

+ if ac.watcher.running {

+ ac.mu.Unlock()

+ return // A watcher is running and will keep the cache up-to-date.

+ }

+ if ac.throttle == nil {

+ ac.throttle = time.NewTimer(0)

+ } else {

+ select {

+ case <-ac.throttle.C:

+ default:

+ ac.mu.Unlock()

+ return // The cache was reloaded recently.

+ }

+ }

+ // No watcher running, start it.

+ ac.watcher.start()

+ ac.throttle.Reset(minReloadInterval)

+ ac.mu.Unlock()

+ ac.scanAccounts()

+}

+

+func (ac *accountCache) close() {

+ ac.mu.Lock()

+ ac.watcher.close()

+ if ac.throttle != nil {

+ ac.throttle.Stop()

+ }

+ if ac.notify != nil {

+ close(ac.notify)

+ ac.notify = nil

+ }

+ ac.mu.Unlock()

+}

+

+// scanAccounts checks if any changes have occurred on the filesystem, and

+// updates the account cache accordingly

+func (ac *accountCache) scanAccounts() error {

+ // Scan the entire folder metadata for file changes

+ creates, deletes, updates, err := ac.fileC.scan(ac.keydir)

+ if err != nil {

+ log.Debug("Failed to reload keystore contents", "err", err)

+ return err

+ }

+ if creates.Cardinality() == 0 && deletes.Cardinality() == 0 && updates.Cardinality() == 0 {

+ return nil

+ }

+ // Create a helper method to scan the contents of the key files

+ var (

+ buf = new(bufio.Reader)

+ key struct {

+ Address string `json:"address"`

+ }

+ )

+ readAccount := func(path string) *accounts.Account {

+ fd, err := os.Open(path)

+ if err != nil {

+ log.Trace("Failed to open keystore file", "path", path, "err", err)

+ return nil

+ }

+ defer fd.Close()

+ buf.Reset(fd)

+ // Parse the address.

+ key.Address = ""

+ err = json.NewDecoder(buf).Decode(&key)

+ addr := common.HexToAddress(key.Address)

+ switch {

+ case err != nil:

+ log.Debug("Failed to decode keystore key", "path", path, "err", err)

+ case (addr == common.Address{}):

+ log.Debug("Failed to decode keystore key", "path", path, "err", "missing or zero address")

+ default:

+ return &accounts.Account{

+ Address: addr,

+ URL: accounts.URL{Scheme: KeyStoreScheme, Path: path},

+ }

+ }

+ return nil

+ }

+ // Process all the file diffs

+ start := time.Now()

+

+ for _, p := range creates.ToSlice() {

+ if a := readAccount(p.(string)); a != nil {

+ ac.add(*a)

+ }

+ }

+ for _, p := range deletes.ToSlice() {

+ ac.deleteByFile(p.(string))

+ }

+ for _, p := range updates.ToSlice() {

+ path := p.(string)

+ ac.deleteByFile(path)

+ if a := readAccount(path); a != nil {

+ ac.add(*a)

+ }

+ }

+ end := time.Now()

+

+ select {

+ case ac.notify <- struct{}{}:

+ default:

+ }

+ log.Trace("Handled keystore changes", "time", end.Sub(start))

+ return nil

+}

+// Copyright 2017 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+package keystore

+

+import (

+ "io/ioutil"

+ "os"

+ "path/filepath"

+ "strings"

+ "sync"

+ "time"

+

+ mapset "github.com/deckarep/golang-set"

+ "github.com/ava-labs/go-ethereum/log"

+)

+

+// fileCache is a cache of files seen during scan of keystore.

+type fileCache struct {

+ all mapset.Set // Set of all files from the keystore folder

+ lastMod time.Time // Last time instance when a file was modified

+ mu sync.RWMutex

+}

+

+// scan performs a new scan on the given directory, compares against the already

+// cached filenames, and returns file sets: creates, deletes, updates.

+func (fc *fileCache) scan(keyDir string) (mapset.Set, mapset.Set, mapset.Set, error) {

+ t0 := time.Now()

+

+ // List all the failes from the keystore folder

+ files, err := ioutil.ReadDir(keyDir)

+ if err != nil {

+ return nil, nil, nil, err

+ }

+ t1 := time.Now()

+

+ fc.mu.Lock()

+ defer fc.mu.Unlock()

+

+ // Iterate all the files and gather their metadata

+ all := mapset.NewThreadUnsafeSet()

+ mods := mapset.NewThreadUnsafeSet()

+

+ var newLastMod time.Time

+ for _, fi := range files {

+ path := filepath.Join(keyDir, fi.Name())

+ // Skip any non-key files from the folder

+ if nonKeyFile(fi) {

+ log.Trace("Ignoring file on account scan", "path", path)

+ continue

+ }

+ // Gather the set of all and fresly modified files

+ all.Add(path)

+

+ modified := fi.ModTime()

+ if modified.After(fc.lastMod) {

+ mods.Add(path)

+ }

+ if modified.After(newLastMod) {

+ newLastMod = modified

+ }

+ }

+ t2 := time.Now()

+

+ // Update the tracked files and return the three sets

+ deletes := fc.all.Difference(all) // Deletes = previous - current

+ creates := all.Difference(fc.all) // Creates = current - previous

+ updates := mods.Difference(creates) // Updates = modified - creates

+

+ fc.all, fc.lastMod = all, newLastMod

+ t3 := time.Now()

+

+ // Report on the scanning stats and return

+ log.Debug("FS scan times", "list", t1.Sub(t0), "set", t2.Sub(t1), "diff", t3.Sub(t2))

+ return creates, deletes, updates, nil

+}

+

+// nonKeyFile ignores editor backups, hidden files and folders/symlinks.

+func nonKeyFile(fi os.FileInfo) bool {

+ // Skip editor backups and UNIX-style hidden files.

+ if strings.HasSuffix(fi.Name(), "~") || strings.HasPrefix(fi.Name(), ".") {

+ return true

+ }

+ // Skip misc special files, directories (yes, symlinks too).

+ if fi.IsDir() || fi.Mode()&os.ModeType != 0 {

+ return true

+ }

+ return false

+}

+// Copyright 2014 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+package keystore

+

+import (

+ "bytes"

+ "crypto/ecdsa"

+ "encoding/hex"

+ "encoding/json"

+ "fmt"

+ "io"

+ "io/ioutil"

+ "os"

+ "path/filepath"

+ "strings"

+ "time"

+

+ "github.com/ava-labs/coreth/accounts"

+ "github.com/ava-labs/go-ethereum/common"

+ "github.com/ava-labs/go-ethereum/crypto"

+ "github.com/pborman/uuid"

+)

+

+const (

+ version = 3

+)

+

+type Key struct {

+ Id uuid.UUID // Version 4 "random" for unique id not derived from key data

+ // to simplify lookups we also store the address

+ Address common.Address

+ // we only store privkey as pubkey/address can be derived from it

+ // privkey in this struct is always in plaintext

+ PrivateKey *ecdsa.PrivateKey

+}

+

+type keyStore interface {

+ // Loads and decrypts the key from disk.

+ GetKey(addr common.Address, filename string, auth string) (*Key, error)

+ // Writes and encrypts the key.

+ StoreKey(filename string, k *Key, auth string) error

+ // Joins filename with the key directory unless it is already absolute.

+ JoinPath(filename string) string

+}

+

+type plainKeyJSON struct {

+ Address string `json:"address"`

+ PrivateKey string `json:"privatekey"`

+ Id string `json:"id"`

+ Version int `json:"version"`

+}

+

+type encryptedKeyJSONV3 struct {

+ Address string `json:"address"`

+ Crypto CryptoJSON `json:"crypto"`

+ Id string `json:"id"`

+ Version int `json:"version"`

+}

+

+type encryptedKeyJSONV1 struct {

+ Address string `json:"address"`

+ Crypto CryptoJSON `json:"crypto"`

+ Id string `json:"id"`

+ Version string `json:"version"`

+}

+

+type CryptoJSON struct {

+ Cipher string `json:"cipher"`

+ CipherText string `json:"ciphertext"`

+ CipherParams cipherparamsJSON `json:"cipherparams"`

+ KDF string `json:"kdf"`

+ KDFParams map[string]interface{} `json:"kdfparams"`

+ MAC string `json:"mac"`

+}

+

+type cipherparamsJSON struct {

+ IV string `json:"iv"`

+}

+

+func (k *Key) MarshalJSON() (j []byte, err error) {

+ jStruct := plainKeyJSON{

+ hex.EncodeToString(k.Address[:]),

+ hex.EncodeToString(crypto.FromECDSA(k.PrivateKey)),

+ k.Id.String(),

+ version,

+ }

+ j, err = json.Marshal(jStruct)

+ return j, err

+}

+

+func (k *Key) UnmarshalJSON(j []byte) (err error) {

+ keyJSON := new(plainKeyJSON)

+ err = json.Unmarshal(j, &keyJSON)

+ if err != nil {

+ return err

+ }

+

+ u := new(uuid.UUID)

+ *u = uuid.Parse(keyJSON.Id)

+ k.Id = *u

+ addr, err := hex.DecodeString(keyJSON.Address)

+ if err != nil {

+ return err

+ }

+ privkey, err := crypto.HexToECDSA(keyJSON.PrivateKey)

+ if err != nil {

+ return err

+ }

+

+ k.Address = common.BytesToAddress(addr)

+ k.PrivateKey = privkey

+

+ return nil

+}

+

+func newKeyFromECDSA(privateKeyECDSA *ecdsa.PrivateKey) *Key {

+ id := uuid.NewRandom()

+ key := &Key{

+ Id: id,

+ Address: crypto.PubkeyToAddress(privateKeyECDSA.PublicKey),

+ PrivateKey: privateKeyECDSA,

+ }

+ return key

+}

+

+// NewKeyForDirectICAP generates a key whose address fits into < 155 bits so it can fit

+// into the Direct ICAP spec. for simplicity and easier compatibility with other libs, we

+// retry until the first byte is 0.

+func NewKeyForDirectICAP(rand io.Reader) *Key {

+ randBytes := make([]byte, 64)

+ _, err := rand.Read(randBytes)

+ if err != nil {

+ panic("key generation: could not read from random source: " + err.Error())

+ }

+ reader := bytes.NewReader(randBytes)

+ privateKeyECDSA, err := ecdsa.GenerateKey(crypto.S256(), reader)

+ if err != nil {

+ panic("key generation: ecdsa.GenerateKey failed: " + err.Error())

+ }

+ key := newKeyFromECDSA(privateKeyECDSA)

+ if !strings.HasPrefix(key.Address.Hex(), "0x00") {

+ return NewKeyForDirectICAP(rand)

+ }

+ return key

+}

+

+func newKey(rand io.Reader) (*Key, error) {

+ privateKeyECDSA, err := ecdsa.GenerateKey(crypto.S256(), rand)

+ if err != nil {

+ return nil, err

+ }

+ return newKeyFromECDSA(privateKeyECDSA), nil

+}

+

+func storeNewKey(ks keyStore, rand io.Reader, auth string) (*Key, accounts.Account, error) {

+ key, err := newKey(rand)

+ if err != nil {

+ return nil, accounts.Account{}, err

+ }

+ a := accounts.Account{

+ Address: key.Address,

+ URL: accounts.URL{Scheme: KeyStoreScheme, Path: ks.JoinPath(keyFileName(key.Address))},

+ }

+ if err := ks.StoreKey(a.URL.Path, key, auth); err != nil {

+ zeroKey(key.PrivateKey)

+ return nil, a, err

+ }

+ return key, a, err

+}

+

+func writeTemporaryKeyFile(file string, content []byte) (string, error) {

+ // Create the keystore directory with appropriate permissions

+ // in case it is not present yet.

+ const dirPerm = 0700

+ if err := os.MkdirAll(filepath.Dir(file), dirPerm); err != nil {

+ return "", err

+ }

+ // Atomic write: create a temporary hidden file first

+ // then move it into place. TempFile assigns mode 0600.

+ f, err := ioutil.TempFile(filepath.Dir(file), "."+filepath.Base(file)+".tmp")

+ if err != nil {

+ return "", err

+ }

+ if _, err := f.Write(content); err != nil {

+ f.Close()

+ os.Remove(f.Name())

+ return "", err

+ }

+ f.Close()

+ return f.Name(), nil

+}

+

+func writeKeyFile(file string, content []byte) error {

+ name, err := writeTemporaryKeyFile(file, content)

+ if err != nil {

+ return err

+ }

+ return os.Rename(name, file)

+}

+

+// keyFileName implements the naming convention for keyfiles:

+// UTC--<created_at UTC ISO8601>-<address hex>

+func keyFileName(keyAddr common.Address) string {

+ ts := time.Now().UTC()

+ return fmt.Sprintf("UTC--%s--%s", toISO8601(ts), hex.EncodeToString(keyAddr[:]))

+}

+

+func toISO8601(t time.Time) string {

+ var tz string

+ name, offset := t.Zone()

+ if name == "UTC" {

+ tz = "Z"

+ } else {

+ tz = fmt.Sprintf("%03d00", offset/3600)

+ }

+ return fmt.Sprintf("%04d-%02d-%02dT%02d-%02d-%02d.%09d%s",

+ t.Year(), t.Month(), t.Day(), t.Hour(), t.Minute(), t.Second(), t.Nanosecond(), tz)

+}

+// Copyright 2017 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+// Package keystore implements encrypted storage of secp256k1 private keys.

+//

+// Keys are stored as encrypted JSON files according to the Web3 Secret Storage specification.

+// See https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition for more information.

+package keystore

+

+import (

+ "crypto/ecdsa"

+ crand "crypto/rand"

+ "errors"

+ "fmt"

+ "math/big"

+ "os"

+ "path/filepath"

+ "reflect"

+ "runtime"

+ "sync"

+ "time"

+

+ "github.com/ava-labs/coreth/accounts"

+ "github.com/ava-labs/coreth/core/types"

+ "github.com/ava-labs/go-ethereum/common"

+ "github.com/ava-labs/go-ethereum/crypto"

+ "github.com/ava-labs/go-ethereum/event"

+)

+

+var (

+ ErrLocked = accounts.NewAuthNeededError("password or unlock")

+ ErrNoMatch = errors.New("no key for given address or file")

+ ErrDecrypt = errors.New("could not decrypt key with given password")

+)

+

+// KeyStoreType is the reflect type of a keystore backend.

+var KeyStoreType = reflect.TypeOf(&KeyStore{})

+

+// KeyStoreScheme is the protocol scheme prefixing account and wallet URLs.

+const KeyStoreScheme = "keystore"

+

+// Maximum time between wallet refreshes (if filesystem notifications don't work).

+const walletRefreshCycle = 3 * time.Second

+

+// KeyStore manages a key storage directory on disk.

+type KeyStore struct {

+ storage keyStore // Storage backend, might be cleartext or encrypted

+ cache *accountCache // In-memory account cache over the filesystem storage

+ changes chan struct{} // Channel receiving change notifications from the cache

+ unlocked map[common.Address]*unlocked // Currently unlocked account (decrypted private keys)

+

+ wallets []accounts.Wallet // Wallet wrappers around the individual key files

+ updateFeed event.Feed // Event feed to notify wallet additions/removals

+ updateScope event.SubscriptionScope // Subscription scope tracking current live listeners

+ updating bool // Whether the event notification loop is running

+

+ mu sync.RWMutex

+}

+

+type unlocked struct {

+ *Key

+ abort chan struct{}

+}

+

+// NewKeyStore creates a keystore for the given directory.

+func NewKeyStore(keydir string, scryptN, scryptP int) *KeyStore {

+ keydir, _ = filepath.Abs(keydir)

+ ks := &KeyStore{storage: &keyStorePassphrase{keydir, scryptN, scryptP, false}}

+ ks.init(keydir)

+ return ks

+}

+

+// NewPlaintextKeyStore creates a keystore for the given directory.

+// Deprecated: Use NewKeyStore.

+func NewPlaintextKeyStore(keydir string) *KeyStore {

+ keydir, _ = filepath.Abs(keydir)

+ ks := &KeyStore{storage: &keyStorePlain{keydir}}

+ ks.init(keydir)

+ return ks

+}

+

+func (ks *KeyStore) init(keydir string) {

+ // Lock the mutex since the account cache might call back with events

+ ks.mu.Lock()

+ defer ks.mu.Unlock()

+

+ // Initialize the set of unlocked keys and the account cache

+ ks.unlocked = make(map[common.Address]*unlocked)

+ ks.cache, ks.changes = newAccountCache(keydir)

+

+ // TODO: In order for this finalizer to work, there must be no references

+ // to ks. addressCache doesn't keep a reference but unlocked keys do,

+ // so the finalizer will not trigger until all timed unlocks have expired.

+ runtime.SetFinalizer(ks, func(m *KeyStore) {

+ m.cache.close()

+ })

+ // Create the initial list of wallets from the cache

+ accs := ks.cache.accounts()

+ ks.wallets = make([]accounts.Wallet, len(accs))

+ for i := 0; i < len(accs); i++ {

+ ks.wallets[i] = &keystoreWallet{account: accs[i], keystore: ks}

+ }

+}

+

+// Wallets implements accounts.Backend, returning all single-key wallets from the

+// keystore directory.

+func (ks *KeyStore) Wallets() []accounts.Wallet {

+ // Make sure the list of wallets is in sync with the account cache

+ ks.refreshWallets()

+

+ ks.mu.RLock()

+ defer ks.mu.RUnlock()

+

+ cpy := make([]accounts.Wallet, len(ks.wallets))

+ copy(cpy, ks.wallets)

+ return cpy

+}

+

+// refreshWallets retrieves the current account list and based on that does any

+// necessary wallet refreshes.

+func (ks *KeyStore) refreshWallets() {

+ // Retrieve the current list of accounts

+ ks.mu.Lock()

+ accs := ks.cache.accounts()

+

+ // Transform the current list of wallets into the new one

+ var (

+ wallets = make([]accounts.Wallet, 0, len(accs))

+ events []accounts.WalletEvent

+ )

+

+ for _, account := range accs {

+ // Drop wallets while they were in front of the next account

+ for len(ks.wallets) > 0 && ks.wallets[0].URL().Cmp(account.URL) < 0 {

+ events = append(events, accounts.WalletEvent{Wallet: ks.wallets[0], Kind: accounts.WalletDropped})

+ ks.wallets = ks.wallets[1:]

+ }

+ // If there are no more wallets or the account is before the next, wrap new wallet

+ if len(ks.wallets) == 0 || ks.wallets[0].URL().Cmp(account.URL) > 0 {

+ wallet := &keystoreWallet{account: account, keystore: ks}

+

+ events = append(events, accounts.WalletEvent{Wallet: wallet, Kind: accounts.WalletArrived})

+ wallets = append(wallets, wallet)

+ continue

+ }

+ // If the account is the same as the first wallet, keep it

+ if ks.wallets[0].Accounts()[0] == account {

+ wallets = append(wallets, ks.wallets[0])

+ ks.wallets = ks.wallets[1:]

+ continue

+ }

+ }

+ // Drop any leftover wallets and set the new batch

+ for _, wallet := range ks.wallets {

+ events = append(events, accounts.WalletEvent{Wallet: wallet, Kind: accounts.WalletDropped})

+ }

+ ks.wallets = wallets

+ ks.mu.Unlock()

+

+ // Fire all wallet events and return

+ for _, event := range events {

+ ks.updateFeed.Send(event)

+ }

+}

+

+// Subscribe implements accounts.Backend, creating an async subscription to

+// receive notifications on the addition or removal of keystore wallets.

+func (ks *KeyStore) Subscribe(sink chan<- accounts.WalletEvent) event.Subscription {

+ // We need the mutex to reliably start/stop the update loop

+ ks.mu.Lock()

+ defer ks.mu.Unlock()

+

+ // Subscribe the caller and track the subscriber count

+ sub := ks.updateScope.Track(ks.updateFeed.Subscribe(sink))

+

+ // Subscribers require an active notification loop, start it

+ if !ks.updating {

+ ks.updating = true

+ go ks.updater()

+ }

+ return sub

+}

+

+// updater is responsible for maintaining an up-to-date list of wallets stored in

+// the keystore, and for firing wallet addition/removal events. It listens for

+// account change events from the underlying account cache, and also periodically

+// forces a manual refresh (only triggers for systems where the filesystem notifier

+// is not running).

+func (ks *KeyStore) updater() {

+ for {

+ // Wait for an account update or a refresh timeout

+ select {

+ case <-ks.changes:

+ case <-time.After(walletRefreshCycle):

+ }

+ // Run the wallet refresher

+ ks.refreshWallets()

+

+ // If all our subscribers left, stop the updater

+ ks.mu.Lock()

+ if ks.updateScope.Count() == 0 {

+ ks.updating = false

+ ks.mu.Unlock()

+ return

+ }

+ ks.mu.Unlock()

+ }

+}

+

+// HasAddress reports whether a key with the given address is present.

+func (ks *KeyStore) HasAddress(addr common.Address) bool {

+ return ks.cache.hasAddress(addr)

+}

+

+// Accounts returns all key files present in the directory.

+func (ks *KeyStore) Accounts() []accounts.Account {

+ return ks.cache.accounts()

+}

+

+// Delete deletes the key matched by account if the passphrase is correct.

+// If the account contains no filename, the address must match a unique key.

+func (ks *KeyStore) Delete(a accounts.Account, passphrase string) error {

+ // Decrypting the key isn't really necessary, but we do

+ // it anyway to check the password and zero out the key

+ // immediately afterwards.

+ a, key, err := ks.getDecryptedKey(a, passphrase)

+ if key != nil {

+ zeroKey(key.PrivateKey)

+ }

+ if err != nil {

+ return err

+ }

+ // The order is crucial here. The key is dropped from the

+ // cache after the file is gone so that a reload happening in

+ // between won't insert it into the cache again.

+ err = os.Remove(a.URL.Path)

+ if err == nil {

+ ks.cache.delete(a)

+ ks.refreshWallets()

+ }

+ return err

+}

+

+// SignHash calculates a ECDSA signature for the given hash. The produced

+// signature is in the [R || S || V] format where V is 0 or 1.

+func (ks *KeyStore) SignHash(a accounts.Account, hash []byte) ([]byte, error) {

+ // Look up the key to sign with and abort if it cannot be found

+ ks.mu.RLock()

+ defer ks.mu.RUnlock()

+

+ unlockedKey, found := ks.unlocked[a.Address]

+ if !found {

+ return nil, ErrLocked

+ }

+ // Sign the hash using plain ECDSA operations

+ return crypto.Sign(hash, unlockedKey.PrivateKey)

+}

+

+// SignTx signs the given transaction with the requested account.

+func (ks *KeyStore) SignTx(a accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error) {

+ // Look up the key to sign with and abort if it cannot be found

+ ks.mu.RLock()

+ defer ks.mu.RUnlock()

+

+ unlockedKey, found := ks.unlocked[a.Address]

+ if !found {

+ return nil, ErrLocked

+ }

+ // Depending on the presence of the chain ID, sign with EIP155 or homestead

+ if chainID != nil {

+ return types.SignTx(tx, types.NewEIP155Signer(chainID), unlockedKey.PrivateKey)

+ }

+ return types.SignTx(tx, types.HomesteadSigner{}, unlockedKey.PrivateKey)

+}

+

+// SignHashWithPassphrase signs hash if the private key matching the given address

+// can be decrypted with the given passphrase. The produced signature is in the

+// [R || S || V] format where V is 0 or 1.

+func (ks *KeyStore) SignHashWithPassphrase(a accounts.Account, passphrase string, hash []byte) (signature []byte, err error) {

+ _, key, err := ks.getDecryptedKey(a, passphrase)

+ if err != nil {

+ return nil, err

+ }

+ defer zeroKey(key.PrivateKey)

+ return crypto.Sign(hash, key.PrivateKey)

+}

+

+// SignTxWithPassphrase signs the transaction if the private key matching the

+// given address can be decrypted with the given passphrase.

+func (ks *KeyStore) SignTxWithPassphrase(a accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error) {

+ _, key, err := ks.getDecryptedKey(a, passphrase)

+ if err != nil {

+ return nil, err

+ }

+ defer zeroKey(key.PrivateKey)

+

+ // Depending on the presence of the chain ID, sign with EIP155 or homestead

+ if chainID != nil {

+ return types.SignTx(tx, types.NewEIP155Signer(chainID), key.PrivateKey)

+ }

+ return types.SignTx(tx, types.HomesteadSigner{}, key.PrivateKey)

+}

+

+// Unlock unlocks the given account indefinitely.

+func (ks *KeyStore) Unlock(a accounts.Account, passphrase string) error {

+ return ks.TimedUnlock(a, passphrase, 0)

+}

+

+// Lock removes the private key with the given address from memory.

+func (ks *KeyStore) Lock(addr common.Address) error {

+ ks.mu.Lock()

+ if unl, found := ks.unlocked[addr]; found {

+ ks.mu.Unlock()

+ ks.expire(addr, unl, time.Duration(0)*time.Nanosecond)

+ } else {

+ ks.mu.Unlock()

+ }

+ return nil

+}

+

+// TimedUnlock unlocks the given account with the passphrase. The account

+// stays unlocked for the duration of timeout. A timeout of 0 unlocks the account

+// until the program exits. The account must match a unique key file.

+//

+// If the account address is already unlocked for a duration, TimedUnlock extends or

+// shortens the active unlock timeout. If the address was previously unlocked

+// indefinitely the timeout is not altered.

+func (ks *KeyStore) TimedUnlock(a accounts.Account, passphrase string, timeout time.Duration) error {

+ a, key, err := ks.getDecryptedKey(a, passphrase)

+ if err != nil {

+ return err

+ }

+

+ ks.mu.Lock()

+ defer ks.mu.Unlock()

+ u, found := ks.unlocked[a.Address]

+ if found {

+ if u.abort == nil {

+ // The address was unlocked indefinitely, so unlocking

+ // it with a timeout would be confusing.

+ zeroKey(key.PrivateKey)

+ return nil

+ }

+ // Terminate the expire goroutine and replace it below.

+ close(u.abort)

+ }

+ if timeout > 0 {

+ u = &unlocked{Key: key, abort: make(chan struct{})}

+ go ks.expire(a.Address, u, timeout)

+ } else {

+ u = &unlocked{Key: key}

+ }

+ ks.unlocked[a.Address] = u

+ return nil

+}

+

+// Find resolves the given account into a unique entry in the keystore.

+func (ks *KeyStore) Find(a accounts.Account) (accounts.Account, error) {

+ ks.cache.maybeReload()

+ ks.cache.mu.Lock()

+ a, err := ks.cache.find(a)

+ ks.cache.mu.Unlock()

+ return a, err

+}

+

+func (ks *KeyStore) getDecryptedKey(a accounts.Account, auth string) (accounts.Account, *Key, error) {

+ a, err := ks.Find(a)

+ if err != nil {

+ return a, nil, err

+ }

+ key, err := ks.storage.GetKey(a.Address, a.URL.Path, auth)

+ return a, key, err

+}

+

+func (ks *KeyStore) expire(addr common.Address, u *unlocked, timeout time.Duration) {

+ t := time.NewTimer(timeout)

+ defer t.Stop()

+ select {

+ case <-u.abort:

+ // just quit

+ case <-t.C:

+ ks.mu.Lock()

+ // only drop if it's still the same key instance that dropLater

+ // was launched with. we can check that using pointer equality

+ // because the map stores a new pointer every time the key is

+ // unlocked.

+ if ks.unlocked[addr] == u {

+ zeroKey(u.PrivateKey)

+ delete(ks.unlocked, addr)

+ }

+ ks.mu.Unlock()

+ }

+}

+

+// NewAccount generates a new key and stores it into the key directory,

+// encrypting it with the passphrase.

+func (ks *KeyStore) NewAccount(passphrase string) (accounts.Account, error) {

+ _, account, err := storeNewKey(ks.storage, crand.Reader, passphrase)

+ if err != nil {

+ return accounts.Account{}, err

+ }

+ // Add the account to the cache immediately rather

+ // than waiting for file system notifications to pick it up.

+ ks.cache.add(account)

+ ks.refreshWallets()

+ return account, nil

+}

+

+// Export exports as a JSON key, encrypted with newPassphrase.

+func (ks *KeyStore) Export(a accounts.Account, passphrase, newPassphrase string) (keyJSON []byte, err error) {

+ _, key, err := ks.getDecryptedKey(a, passphrase)

+ if err != nil {

+ return nil, err

+ }

+ var N, P int

+ if store, ok := ks.storage.(*keyStorePassphrase); ok {

+ N, P = store.scryptN, store.scryptP

+ } else {

+ N, P = StandardScryptN, StandardScryptP

+ }

+ return EncryptKey(key, newPassphrase, N, P)

+}

+

+// Import stores the given encrypted JSON key into the key directory.

+func (ks *KeyStore) Import(keyJSON []byte, passphrase, newPassphrase string) (accounts.Account, error) {

+ key, err := DecryptKey(keyJSON, passphrase)

+ if key != nil && key.PrivateKey != nil {

+ defer zeroKey(key.PrivateKey)

+ }

+ if err != nil {

+ return accounts.Account{}, err

+ }

+ return ks.importKey(key, newPassphrase)

+}

+

+// ImportECDSA stores the given key into the key directory, encrypting it with the passphrase.

+func (ks *KeyStore) ImportECDSA(priv *ecdsa.PrivateKey, passphrase string) (accounts.Account, error) {

+ key := newKeyFromECDSA(priv)

+ if ks.cache.hasAddress(key.Address) {

+ return accounts.Account{}, fmt.Errorf("account already exists")

+ }

+ return ks.importKey(key, passphrase)

+}

+

+func (ks *KeyStore) importKey(key *Key, passphrase string) (accounts.Account, error) {

+ a := accounts.Account{Address: key.Address, URL: accounts.URL{Scheme: KeyStoreScheme, Path: ks.storage.JoinPath(keyFileName(key.Address))}}

+ if err := ks.storage.StoreKey(a.URL.Path, key, passphrase); err != nil {

+ return accounts.Account{}, err

+ }

+ ks.cache.add(a)

+ ks.refreshWallets()

+ return a, nil

+}

+

+// Update changes the passphrase of an existing account.

+func (ks *KeyStore) Update(a accounts.Account, passphrase, newPassphrase string) error {

+ a, key, err := ks.getDecryptedKey(a, passphrase)

+ if err != nil {

+ return err

+ }

+ return ks.storage.StoreKey(a.URL.Path, key, newPassphrase)

+}

+

+// ImportPreSaleKey decrypts the given Ethereum presale wallet and stores

+// a key file in the key directory. The key file is encrypted with the same passphrase.

+func (ks *KeyStore) ImportPreSaleKey(keyJSON []byte, passphrase string) (accounts.Account, error) {

+ a, _, err := importPreSaleKey(ks.storage, keyJSON, passphrase)

+ if err != nil {

+ return a, err

+ }

+ ks.cache.add(a)

+ ks.refreshWallets()

+ return a, nil

+}

+

+// zeroKey zeroes a private key in memory.

+func zeroKey(k *ecdsa.PrivateKey) {

+ b := k.D.Bits()

+ for i := range b {

+ b[i] = 0

+ }

+}

+// Copyright 2014 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+/*

+

+This key store behaves as KeyStorePlain with the difference that

+the private key is encrypted and on disk uses another JSON encoding.

+

+The crypto is documented at https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition

+

+*/

+

+package keystore

+

+import (

+ "bytes"

+ "crypto/aes"

+ "crypto/rand"

+ "crypto/sha256"

+ "encoding/hex"

+ "encoding/json"

+ "fmt"

+ "io"

+ "io/ioutil"

+ "os"

+ "path/filepath"

+

+ "github.com/ava-labs/coreth/accounts"

+ "github.com/ava-labs/go-ethereum/common"

+ "github.com/ava-labs/go-ethereum/common/math"

+ "github.com/ava-labs/go-ethereum/crypto"

+ "github.com/pborman/uuid"

+ "golang.org/x/crypto/pbkdf2"

+ "golang.org/x/crypto/scrypt"

+)

+

+const (

+ keyHeaderKDF = "scrypt"

+

+ // StandardScryptN is the N parameter of Scrypt encryption algorithm, using 256MB

+ // memory and taking approximately 1s CPU time on a modern processor.

+ StandardScryptN = 1 << 18

+

+ // StandardScryptP is the P parameter of Scrypt encryption algorithm, using 256MB

+ // memory and taking approximately 1s CPU time on a modern processor.

+ StandardScryptP = 1

+

+ // LightScryptN is the N parameter of Scrypt encryption algorithm, using 4MB

+ // memory and taking approximately 100ms CPU time on a modern processor.

+ LightScryptN = 1 << 12

+

+ // LightScryptP is the P parameter of Scrypt encryption algorithm, using 4MB

+ // memory and taking approximately 100ms CPU time on a modern processor.

+ LightScryptP = 6

+

+ scryptR = 8

+ scryptDKLen = 32

+)

+

+type keyStorePassphrase struct {

+ keysDirPath string

+ scryptN int

+ scryptP int

+ // skipKeyFileVerification disables the security-feature which does

+ // reads and decrypts any newly created keyfiles. This should be 'false' in all

+ // cases except tests -- setting this to 'true' is not recommended.

+ skipKeyFileVerification bool

+}

+

+func (ks keyStorePassphrase) GetKey(addr common.Address, filename, auth string) (*Key, error) {

+ // Load the key from the keystore and decrypt its contents

+ keyjson, err := ioutil.ReadFile(filename)

+ if err != nil {

+ return nil, err

+ }

+ key, err := DecryptKey(keyjson, auth)

+ if err != nil {

+ return nil, err

+ }

+ // Make sure we're really operating on the requested key (no swap attacks)

+ if key.Address != addr {

+ return nil, fmt.Errorf("key content mismatch: have account %x, want %x", key.Address, addr)

+ }

+ return key, nil

+}

+

+// StoreKey generates a key, encrypts with 'auth' and stores in the given directory

+func StoreKey(dir, auth string, scryptN, scryptP int) (accounts.Account, error) {

+ _, a, err := storeNewKey(&keyStorePassphrase{dir, scryptN, scryptP, false}, rand.Reader, auth)

+ return a, err

+}

+

+func (ks keyStorePassphrase) StoreKey(filename string, key *Key, auth string) error {

+ keyjson, err := EncryptKey(key, auth, ks.scryptN, ks.scryptP)

+ if err != nil {

+ return err

+ }

+ // Write into temporary file

+ tmpName, err := writeTemporaryKeyFile(filename, keyjson)

+ if err != nil {

+ return err

+ }

+ if !ks.skipKeyFileVerification {

+ // Verify that we can decrypt the file with the given password.

+ _, err = ks.GetKey(key.Address, tmpName, auth)

+ if err != nil {

+ msg := "An error was encountered when saving and verifying the keystore file. \n" +

+ "This indicates that the keystore is corrupted. \n" +

+ "The corrupted file is stored at \n%v\n" +

+ "Please file a ticket at:\n\n" +

+ "https://github.com/ethereum/go-ethereum/issues." +

+ "The error was : %s"

+ return fmt.Errorf(msg, tmpName, err)

+ }

+ }

+ return os.Rename(tmpName, filename)

+}

+

+func (ks keyStorePassphrase) JoinPath(filename string) string {

+ if filepath.IsAbs(filename) {

+ return filename

+ }

+ return filepath.Join(ks.keysDirPath, filename)

+}

+

+// Encryptdata encrypts the data given as 'data' with the password 'auth'.

+func EncryptDataV3(data, auth []byte, scryptN, scryptP int) (CryptoJSON, error) {

+

+ salt := make([]byte, 32)

+ if _, err := io.ReadFull(rand.Reader, salt); err != nil {

+ panic("reading from crypto/rand failed: " + err.Error())

+ }

+ derivedKey, err := scrypt.Key(auth, salt, scryptN, scryptR, scryptP, scryptDKLen)

+ if err != nil {

+ return CryptoJSON{}, err

+ }

+ encryptKey := derivedKey[:16]

+

+ iv := make([]byte, aes.BlockSize) // 16

+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {

+ panic("reading from crypto/rand failed: " + err.Error())

+ }

+ cipherText, err := aesCTRXOR(encryptKey, data, iv)

+ if err != nil {

+ return CryptoJSON{}, err

+ }

+ mac := crypto.Keccak256(derivedKey[16:32], cipherText)

+

+ scryptParamsJSON := make(map[string]interface{}, 5)

+ scryptParamsJSON["n"] = scryptN

+ scryptParamsJSON["r"] = scryptR

+ scryptParamsJSON["p"] = scryptP

+ scryptParamsJSON["dklen"] = scryptDKLen

+ scryptParamsJSON["salt"] = hex.EncodeToString(salt)

+ cipherParamsJSON := cipherparamsJSON{

+ IV: hex.EncodeToString(iv),

+ }

+

+ cryptoStruct := CryptoJSON{

+ Cipher: "aes-128-ctr",

+ CipherText: hex.EncodeToString(cipherText),

+ CipherParams: cipherParamsJSON,

+ KDF: keyHeaderKDF,

+ KDFParams: scryptParamsJSON,

+ MAC: hex.EncodeToString(mac),

+ }

+ return cryptoStruct, nil

+}

+

+// EncryptKey encrypts a key using the specified scrypt parameters into a json

+// blob that can be decrypted later on.

+func EncryptKey(key *Key, auth string, scryptN, scryptP int) ([]byte, error) {

+ keyBytes := math.PaddedBigBytes(key.PrivateKey.D, 32)

+ cryptoStruct, err := EncryptDataV3(keyBytes, []byte(auth), scryptN, scryptP)

+ if err != nil {

+ return nil, err

+ }

+ encryptedKeyJSONV3 := encryptedKeyJSONV3{

+ hex.EncodeToString(key.Address[:]),

+ cryptoStruct,

+ key.Id.String(),

+ version,

+ }

+ return json.Marshal(encryptedKeyJSONV3)

+}

+

+// DecryptKey decrypts a key from a json blob, returning the private key itself.

+func DecryptKey(keyjson []byte, auth string) (*Key, error) {

+ // Parse the json into a simple map to fetch the key version

+ m := make(map[string]interface{})

+ if err := json.Unmarshal(keyjson, &m); err != nil {

+ return nil, err

+ }

+ // Depending on the version try to parse one way or another

+ var (

+ keyBytes, keyId []byte

+ err error

+ )

+ if version, ok := m["version"].(string); ok && version == "1" {

+ k := new(encryptedKeyJSONV1)

+ if err := json.Unmarshal(keyjson, k); err != nil {

+ return nil, err

+ }

+ keyBytes, keyId, err = decryptKeyV1(k, auth)

+ } else {

+ k := new(encryptedKeyJSONV3)

+ if err := json.Unmarshal(keyjson, k); err != nil {

+ return nil, err

+ }

+ keyBytes, keyId, err = decryptKeyV3(k, auth)

+ }

+ // Handle any decryption errors and return the key

+ if err != nil {

+ return nil, err

+ }

+ key := crypto.ToECDSAUnsafe(keyBytes)

+

+ return &Key{

+ Id: uuid.UUID(keyId),

+ Address: crypto.PubkeyToAddress(key.PublicKey),

+ PrivateKey: key,

+ }, nil

+}

+

+func DecryptDataV3(cryptoJson CryptoJSON, auth string) ([]byte, error) {

+ if cryptoJson.Cipher != "aes-128-ctr" {

+ return nil, fmt.Errorf("Cipher not supported: %v", cryptoJson.Cipher)

+ }

+ mac, err := hex.DecodeString(cryptoJson.MAC)

+ if err != nil {

+ return nil, err

+ }

+

+ iv, err := hex.DecodeString(cryptoJson.CipherParams.IV)

+ if err != nil {

+ return nil, err

+ }

+

+ cipherText, err := hex.DecodeString(cryptoJson.CipherText)

+ if err != nil {

+ return nil, err

+ }

+

+ derivedKey, err := getKDFKey(cryptoJson, auth)

+ if err != nil {

+ return nil, err

+ }

+

+ calculatedMAC := crypto.Keccak256(derivedKey[16:32], cipherText)

+ if !bytes.Equal(calculatedMAC, mac) {

+ return nil, ErrDecrypt

+ }

+

+ plainText, err := aesCTRXOR(derivedKey[:16], cipherText, iv)

+ if err != nil {

+ return nil, err

+ }

+ return plainText, err

+}

+

+func decryptKeyV3(keyProtected *encryptedKeyJSONV3, auth string) (keyBytes []byte, keyId []byte, err error) {

+ if keyProtected.Version != version {

+ return nil, nil, fmt.Errorf("Version not supported: %v", keyProtected.Version)

+ }

+ keyId = uuid.Parse(keyProtected.Id)

+ plainText, err := DecryptDataV3(keyProtected.Crypto, auth)

+ if err != nil {

+ return nil, nil, err

+ }

+ return plainText, keyId, err

+}

+

+func decryptKeyV1(keyProtected *encryptedKeyJSONV1, auth string) (keyBytes []byte, keyId []byte, err error) {

+ keyId = uuid.Parse(keyProtected.Id)

+ mac, err := hex.DecodeString(keyProtected.Crypto.MAC)

+ if err != nil {

+ return nil, nil, err

+ }

+

+ iv, err := hex.DecodeString(keyProtected.Crypto.CipherParams.IV)

+ if err != nil {

+ return nil, nil, err

+ }

+

+ cipherText, err := hex.DecodeString(keyProtected.Crypto.CipherText)

+ if err != nil {

+ return nil, nil, err

+ }

+

+ derivedKey, err := getKDFKey(keyProtected.Crypto, auth)

+ if err != nil {

+ return nil, nil, err

+ }

+

+ calculatedMAC := crypto.Keccak256(derivedKey[16:32], cipherText)

+ if !bytes.Equal(calculatedMAC, mac) {

+ return nil, nil, ErrDecrypt

+ }

+

+ plainText, err := aesCBCDecrypt(crypto.Keccak256(derivedKey[:16])[:16], cipherText, iv)

+ if err != nil {

+ return nil, nil, err

+ }

+ return plainText, keyId, err

+}

+

+func getKDFKey(cryptoJSON CryptoJSON, auth string) ([]byte, error) {

+ authArray := []byte(auth)

+ salt, err := hex.DecodeString(cryptoJSON.KDFParams["salt"].(string))

+ if err != nil {

+ return nil, err

+ }

+ dkLen := ensureInt(cryptoJSON.KDFParams["dklen"])

+

+ if cryptoJSON.KDF == keyHeaderKDF {

+ n := ensureInt(cryptoJSON.KDFParams["n"])

+ r := ensureInt(cryptoJSON.KDFParams["r"])

+ p := ensureInt(cryptoJSON.KDFParams["p"])

+ return scrypt.Key(authArray, salt, n, r, p, dkLen)

+

+ } else if cryptoJSON.KDF == "pbkdf2" {

+ c := ensureInt(cryptoJSON.KDFParams["c"])

+ prf := cryptoJSON.KDFParams["prf"].(string)

+ if prf != "hmac-sha256" {

+ return nil, fmt.Errorf("Unsupported PBKDF2 PRF: %s", prf)

+ }

+ key := pbkdf2.Key(authArray, salt, c, dkLen, sha256.New)

+ return key, nil

+ }

+

+ return nil, fmt.Errorf("Unsupported KDF: %s", cryptoJSON.KDF)

+}

+

+// TODO: can we do without this when unmarshalling dynamic JSON?

+// why do integers in KDF params end up as float64 and not int after

+// unmarshal?

+func ensureInt(x interface{}) int {

+ res, ok := x.(int)

+ if !ok {

+ res = int(x.(float64))

+ }

+ return res

+}

+// Copyright 2015 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+package keystore

+

+import (

+ "encoding/json"

+ "fmt"

+ "os"

+ "path/filepath"

+

+ "github.com/ava-labs/go-ethereum/common"

+)

+

+type keyStorePlain struct {

+ keysDirPath string

+}

+

+func (ks keyStorePlain) GetKey(addr common.Address, filename, auth string) (*Key, error) {

+ fd, err := os.Open(filename)

+ if err != nil {

+ return nil, err

+ }

+ defer fd.Close()

+ key := new(Key)

+ if err := json.NewDecoder(fd).Decode(key); err != nil {

+ return nil, err

+ }

+ if key.Address != addr {

+ return nil, fmt.Errorf("key content mismatch: have address %x, want %x", key.Address, addr)

+ }

+ return key, nil

+}

+

+func (ks keyStorePlain) StoreKey(filename string, key *Key, auth string) error {

+ content, err := json.Marshal(key)

+ if err != nil {

+ return err

+ }

+ return writeKeyFile(filename, content)

+}

+

+func (ks keyStorePlain) JoinPath(filename string) string {

+ if filepath.IsAbs(filename) {

+ return filename

+ }

+ return filepath.Join(ks.keysDirPath, filename)

+}

+// Copyright 2016 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+package keystore

+

+import (

+ "crypto/aes"

+ "crypto/cipher"

+ "crypto/sha256"

+ "encoding/hex"

+ "encoding/json"

+ "errors"

+ "fmt"

+

+ "github.com/ava-labs/coreth/accounts"

+ "github.com/ava-labs/go-ethereum/crypto"

+ "github.com/pborman/uuid"

+ "golang.org/x/crypto/pbkdf2"

+)

+

+// creates a Key and stores that in the given KeyStore by decrypting a presale key JSON

+func importPreSaleKey(keyStore keyStore, keyJSON []byte, password string) (accounts.Account, *Key, error) {

+ key, err := decryptPreSaleKey(keyJSON, password)

+ if err != nil {

+ return accounts.Account{}, nil, err

+ }

+ key.Id = uuid.NewRandom()

+ a := accounts.Account{

+ Address: key.Address,

+ URL: accounts.URL{

+ Scheme: KeyStoreScheme,

+ Path: keyStore.JoinPath(keyFileName(key.Address)),

+ },

+ }

+ err = keyStore.StoreKey(a.URL.Path, key, password)

+ return a, key, err

+}

+

+func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) {

+ preSaleKeyStruct := struct {

+ EncSeed string

+ EthAddr string

+ Email string

+ BtcAddr string

+ }{}

+ err = json.Unmarshal(fileContent, &preSaleKeyStruct)

+ if err != nil {

+ return nil, err

+ }

+ encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed)

+ if err != nil {

+ return nil, errors.New("invalid hex in encSeed")

+ }

+ if len(encSeedBytes) < 16 {

+ return nil, errors.New("invalid encSeed, too short")

+ }

+ iv := encSeedBytes[:16]

+ cipherText := encSeedBytes[16:]

+ /*

+ See https://github.com/ethereum/pyethsaletool

+

+ pyethsaletool generates the encryption key from password by

+ 2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:().

+ 16 byte key length within PBKDF2 and resulting key is used as AES key

+ */

+ passBytes := []byte(password)

+ derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)

+ plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)

+ if err != nil {

+ return nil, err

+ }

+ ethPriv := crypto.Keccak256(plainText)

+ ecKey := crypto.ToECDSAUnsafe(ethPriv)

+

+ key = &Key{

+ Id: nil,

+ Address: crypto.PubkeyToAddress(ecKey.PublicKey),

+ PrivateKey: ecKey,

+ }

+ derivedAddr := hex.EncodeToString(key.Address.Bytes()) // needed because .Hex() gives leading "0x"

+ expectedAddr := preSaleKeyStruct.EthAddr

+ if derivedAddr != expectedAddr {

+ err = fmt.Errorf("decrypted addr '%s' not equal to expected addr '%s'", derivedAddr, expectedAddr)

+ }

+ return key, err

+}

+

+func aesCTRXOR(key, inText, iv []byte) ([]byte, error) {

+ // AES-128 is selected due to size of encryptKey.

+ aesBlock, err := aes.NewCipher(key)

+ if err != nil {

+ return nil, err

+ }

+ stream := cipher.NewCTR(aesBlock, iv)

+ outText := make([]byte, len(inText))

+ stream.XORKeyStream(outText, inText)

+ return outText, err

+}

+

+func aesCBCDecrypt(key, cipherText, iv []byte) ([]byte, error) {

+ aesBlock, err := aes.NewCipher(key)

+ if err != nil {

+ return nil, err

+ }

+ decrypter := cipher.NewCBCDecrypter(aesBlock, iv)

+ paddedPlaintext := make([]byte, len(cipherText))

+ decrypter.CryptBlocks(paddedPlaintext, cipherText)

+ plaintext := pkcs7Unpad(paddedPlaintext)

+ if plaintext == nil {

+ return nil, ErrDecrypt

+ }

+ return plaintext, err

+}

+

+// From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes

+func pkcs7Unpad(in []byte) []byte {

+ if len(in) == 0 {

+ return nil

+ }

+

+ padding := in[len(in)-1]

+ if int(padding) > len(in) || padding > aes.BlockSize {

+ return nil

+ } else if padding == 0 {

+ return nil

+ }

+

+ for i := len(in) - 1; i > len(in)-int(padding)-1; i-- {

+ if in[i] != padding {

+ return nil

+ }

+ }

+ return in[:len(in)-int(padding)]

+}

+// Copyright 2017 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+package keystore

+

+import (

+ "math/big"

+

+ "github.com/ava-labs/coreth/accounts"

+ "github.com/ava-labs/coreth/core/types"

+ ethereum "github.com/ava-labs/go-ethereum"

+ "github.com/ava-labs/go-ethereum/crypto"

+)

+

+// keystoreWallet implements the accounts.Wallet interface for the original

+// keystore.

+type keystoreWallet struct {

+ account accounts.Account // Single account contained in this wallet

+ keystore *KeyStore // Keystore where the account originates from

+}

+

+// URL implements accounts.Wallet, returning the URL of the account within.

+func (w *keystoreWallet) URL() accounts.URL {

+ return w.account.URL

+}

+

+// Status implements accounts.Wallet, returning whether the account held by the

+// keystore wallet is unlocked or not.

+func (w *keystoreWallet) Status() (string, error) {

+ w.keystore.mu.RLock()

+ defer w.keystore.mu.RUnlock()

+

+ if _, ok := w.keystore.unlocked[w.account.Address]; ok {

+ return "Unlocked", nil

+ }

+ return "Locked", nil

+}

+

+// Open implements accounts.Wallet, but is a noop for plain wallets since there

+// is no connection or decryption step necessary to access the list of accounts.

+func (w *keystoreWallet) Open(passphrase string) error { return nil }

+

+// Close implements accounts.Wallet, but is a noop for plain wallets since there

+// is no meaningful open operation.

+func (w *keystoreWallet) Close() error { return nil }

+

+// Accounts implements accounts.Wallet, returning an account list consisting of

+// a single account that the plain kestore wallet contains.

+func (w *keystoreWallet) Accounts() []accounts.Account {

+ return []accounts.Account{w.account}

+}

+

+// Contains implements accounts.Wallet, returning whether a particular account is

+// or is not wrapped by this wallet instance.

+func (w *keystoreWallet) Contains(account accounts.Account) bool {

+ return account.Address == w.account.Address && (account.URL == (accounts.URL{}) || account.URL == w.account.URL)

+}

+

+// Derive implements accounts.Wallet, but is a noop for plain wallets since there

+// is no notion of hierarchical account derivation for plain keystore accounts.

+func (w *keystoreWallet) Derive(path accounts.DerivationPath, pin bool) (accounts.Account, error) {

+ return accounts.Account{}, accounts.ErrNotSupported

+}

+

+// SelfDerive implements accounts.Wallet, but is a noop for plain wallets since

+// there is no notion of hierarchical account derivation for plain keystore accounts.

+func (w *keystoreWallet) SelfDerive(bases []accounts.DerivationPath, chain ethereum.ChainStateReader) {

+}

+

+// signHash attempts to sign the given hash with

+// the given account. If the wallet does not wrap this particular account, an

+// error is returned to avoid account leakage (even though in theory we may be

+// able to sign via our shared keystore backend).

+func (w *keystoreWallet) signHash(account accounts.Account, hash []byte) ([]byte, error) {

+ // Make sure the requested account is contained within

+ if !w.Contains(account) {

+ return nil, accounts.ErrUnknownAccount

+ }

+ // Account seems valid, request the keystore to sign

+ return w.keystore.SignHash(account, hash)

+}

+

+// SignData signs keccak256(data). The mimetype parameter describes the type of data being signed

+func (w *keystoreWallet) SignData(account accounts.Account, mimeType string, data []byte) ([]byte, error) {

+ return w.signHash(account, crypto.Keccak256(data))

+}

+

+// SignDataWithPassphrase signs keccak256(data). The mimetype parameter describes the type of data being signed

+func (w *keystoreWallet) SignDataWithPassphrase(account accounts.Account, passphrase, mimeType string, data []byte) ([]byte, error) {

+ // Make sure the requested account is contained within

+ if !w.Contains(account) {

+ return nil, accounts.ErrUnknownAccount

+ }

+ // Account seems valid, request the keystore to sign

+ return w.keystore.SignHashWithPassphrase(account, passphrase, crypto.Keccak256(data))

+}

+

+func (w *keystoreWallet) SignText(account accounts.Account, text []byte) ([]byte, error) {

+ return w.signHash(account, accounts.TextHash(text))

+}

+

+// SignTextWithPassphrase implements accounts.Wallet, attempting to sign the

+// given hash with the given account using passphrase as extra authentication.

+func (w *keystoreWallet) SignTextWithPassphrase(account accounts.Account, passphrase string, text []byte) ([]byte, error) {

+ // Make sure the requested account is contained within

+ if !w.Contains(account) {

+ return nil, accounts.ErrUnknownAccount

+ }

+ // Account seems valid, request the keystore to sign

+ return w.keystore.SignHashWithPassphrase(account, passphrase, accounts.TextHash(text))

+}

+

+// SignTx implements accounts.Wallet, attempting to sign the given transaction

+// with the given account. If the wallet does not wrap this particular account,

+// an error is returned to avoid account leakage (even though in theory we may

+// be able to sign via our shared keystore backend).

+func (w *keystoreWallet) SignTx(account accounts.Account, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error) {

+ // Make sure the requested account is contained within

+ if !w.Contains(account) {

+ return nil, accounts.ErrUnknownAccount

+ }

+ // Account seems valid, request the keystore to sign

+ return w.keystore.SignTx(account, tx, chainID)

+}

+

+// SignTxWithPassphrase implements accounts.Wallet, attempting to sign the given

+// transaction with the given account using passphrase as extra authentication.

+func (w *keystoreWallet) SignTxWithPassphrase(account accounts.Account, passphrase string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error) {

+ // Make sure the requested account is contained within

+ if !w.Contains(account) {

+ return nil, accounts.ErrUnknownAccount

+ }

+ // Account seems valid, request the keystore to sign

+ return w.keystore.SignTxWithPassphrase(account, passphrase, tx, chainID)

+}

+// Copyright 2016 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+// +build darwin,!ios,cgo freebsd linux,!arm64 netbsd solaris

+

+package keystore

+

+import (

+ "time"

+

+ "github.com/ava-labs/go-ethereum/log"

+ "github.com/rjeczalik/notify"

+)

+

+type watcher struct {

+ ac *accountCache

+ starting bool

+ running bool

+ ev chan notify.EventInfo

+ quit chan struct{}

+}

+

+func newWatcher(ac *accountCache) *watcher {

+ return &watcher{

+ ac: ac,

+ ev: make(chan notify.EventInfo, 10),

+ quit: make(chan struct{}),

+ }

+}

+

+// starts the watcher loop in the background.

+// Start a watcher in the background if that's not already in progress.

+// The caller must hold w.ac.mu.

+func (w *watcher) start() {

+ if w.starting || w.running {

+ return

+ }

+ w.starting = true

+ go w.loop()

+}

+

+func (w *watcher) close() {

+ close(w.quit)

+}

+

+func (w *watcher) loop() {

+ defer func() {

+ w.ac.mu.Lock()

+ w.running = false

+ w.starting = false

+ w.ac.mu.Unlock()

+ }()

+ logger := log.New("path", w.ac.keydir)

+

+ if err := notify.Watch(w.ac.keydir, w.ev, notify.All); err != nil {

+ logger.Trace("Failed to watch keystore folder", "err", err)

+ return

+ }

+ defer notify.Stop(w.ev)

+ logger.Trace("Started watching keystore folder")

+ defer logger.Trace("Stopped watching keystore folder")

+

+ w.ac.mu.Lock()

+ w.running = true

+ w.ac.mu.Unlock()

+

+ // Wait for file system events and reload.

+ // When an event occurs, the reload call is delayed a bit so that

+ // multiple events arriving quickly only cause a single reload.

+ var (

+ debounceDuration = 500 * time.Millisecond

+ rescanTriggered = false

+ debounce = time.NewTimer(0)

+ )

+ // Ignore initial trigger

+ if !debounce.Stop() {

+ <-debounce.C

+ }

+ defer debounce.Stop()

+ for {

+ select {

+ case <-w.quit:

+ return

+ case <-w.ev:

+ // Trigger the scan (with delay), if not already triggered

+ if !rescanTriggered {

+ debounce.Reset(debounceDuration)

+ rescanTriggered = true

+ }

+ case <-debounce.C:

+ w.ac.scanAccounts()

+ rescanTriggered = false

+ }

+ }

+}

+// Copyright 2016 The go-ethereum Authors

+// This file is part of the go-ethereum library.

+//

+// The go-ethereum library is free software: you can redistribute it and/or modify

+// it under the terms of the GNU Lesser General Public License as published by

+// the Free Software Foundation, either version 3 of the License, or

+// (at your option) any later version.

+//

+// The go-ethereum library is distributed in the hope that it will be useful,

+// but WITHOUT ANY WARRANTY; without even the implied warranty of

+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+// GNU Lesser General Public License for more details.

+//

+// You should have received a copy of the GNU Lesser General Public License

+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

+

+// +build darwin,!cgo ios linux,arm64 windows !darwin,!freebsd,!linux,!netbsd,!solaris

+

+// This is the fallback implementation of directory watching.

+// It is used on unsupported platforms.

+

+package keystore

+

+type watcher struct{ running bool }

+

+func newWatcher(*accountCache) *watcher { return new(watcher) }

+func (*watcher) start() {}

+func (*watcher) close() {}